AWS Cloud Migration services help to address a lot of common use cases such as
data center decommission, and
For migrating data from On Premises to AWS, the major aspect for considerations are
amount of data and network speed
data security in transit
existing application knowledge for recreation
NOTE: Topic mainly for Professional Exam Only
Application & Database Migration Services
AWS EC2 VM Import/Export
allows easy import of virtual machine images from existing environment to EC2 instances and export them back to on-premises environment
allows leveraging of existing investments in the virtual machines, built to meet compliance requirements, configuration management and IT security by bringing those virtual machines into EC2 as ready-to-use instances
Common usages include
Migrate Existing Applications and Workloads to EC2, allows to preserve software and settings that configured in the existing VMs
Copy Your VM Image Catalog to Amazon EC2
Create a Disaster Recovery Repository for your VM images
AWS Server Migration Service (SMS)
is an agentless service which makes it easier and faster to migrate thousands of on-premises workloads to AWS.
allows you to automate, schedule, and track incremental replications of live server volumes, making it easier to coordinate large-scale server migrations.
currently supports migration of virtual machines from VMware vSphere and Windows Hyper-V to AWS
supports migrating Windows Server 2003, 2008, 2012, and 2016, and Windows 7, 8, and 10; Red Hat Enterprise Linux (RHEL), SUSE/SLES, CentOS, Ubuntu, Oracle Linux, Fedora, and Debian Linux OS
replicates each server volume, which is saved as a new AMI, which can be launched as an EC2 instance
is a significant enhancement of EC2 VM Import.
AWS Database Migration Service (DMS)
helps migrate databases to AWS quickly and securely.
source database remains fully operational during the migration, minimizing downtime to applications that rely on the database.
supports homogeneous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle or Microsoft SQL Server to Amazon Aurora.
monitors for replication tasks, network or host failures, and automatically provisions a host replacement in case of failures that can't be repaired
supports both one-time data migration into RDS and EC2-based databases as well as for continuous data replication
supports continuous replication of the data with high availability and consolidate databases into a petabyte-scale data warehouse by streaming data to Amazon Redshift and Amazon S3
provides free AWS Schema Conversion Tool (SCT) that automates the conversion of Oracle PL/SQL and SQL Server T-SQL code to equivalent code in the Amazon Aurora / MySQL dialect of SQL or the equivalent PL/pgSQL code in PostgreSQL
AWS Application Discovery Service
helps enterprise customers plan migration projects by gathering information about their on-premises data centers.
collects and presents server specification information, performance data, and details of running processes and network connections
provides protection for the collected data by encrypting it both in transit to AWS and at rest within the Application Discovery Service data store.
Data Transfer Services
connection utilizes IPSec to establish encrypted network connectivity between on-premises network and VPC over the Internet.
connections can be configured in minutes and a good solution for an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity.
still requires internet and be configured using VGW and CGW
AWS Direct Connect
provides a dedicated physical connection between the corporate network and AWS Direct Connect location with no data transfer over the Internet.
helps bypass Internet service providers (ISPs) in the network path
helps reduce network costs, increase bandwidth throughput, and provide a more consistent network experience than with Internet-based connection
takes time to setup and involves third parties
are not redundant and would need another direct connect connection or a VPN connection
provides a dedicated physical connection without internet
For additional security can be used with VPN
AWS Import/Export (upgraded to Snowball)
accelerates moving large amounts of data into and out of AWS using secure Snowball appliances
AWS transfers the data directly onto and off of the storage devices using Amazon's high-speed internal network, bypassing the Internet
for significant data size, AWS Import/Export is faster than Internet transfer is and more cost-effective than upgrading the connectivity
if loading the data over the Internet would take a week or more, AWS Import/Export should be considered
data from appliances can be imported to S3, Glacier and EBS volumes and exported from S3
not suitable for applications that cannot tolerate offline transfer time
Snowball uses an industry-standard Trusted Platform Module (TPM) that has a dedicated processor designed to detect any unauthorized modifications to the hardware, firmware, or software to physically secure the AWS Snowball device.
is a petabyte-scale data transfer service built around a secure suitcase-sized device that moves data into and out of the AWS Cloud quickly and efficiently.
transfers the data to S3 bucket
transfer times are about a week from start to finish.
are commonly used to ship terabytes or petabytes of analytics data, healthcare and life sciences data, video libraries, image repositories, backups, and archives as part of data center shutdown, tape replacement, or application migration projects.
AWS Snowball Edge devices
contain slightly larger capacity and an embedded computing platform that helps perform simple processing tasks.
can be rack shelved and may also be clustered together, making it simpler to collect and store data in extremely remote locations.
commonly used in environments with intermittent connectivity (such as manufacturing, industrial, and transportation); or in extremely remote locations (such as military or maritime operations) before shipping them back to AWS data centers.
delivers serverless computing applications at the network edge using AWS Greengrass and Lambda functions.
common use cases include capturing IoT sensor streams, on-the-fly media transcoding, image compression, metrics aggregation and industrial control signaling and alarming.
moves up to 100PB of data (equivalent to 1,250 AWS Snowball devices) in a 45-foot long ruggedized shipping container and is ideal for multi-petabyte or Exabyte-scale digital media migrations and datacenter shutdowns.
arrives at the customer site and appears as a network-attached data store for more secure, high-speed data transfer. After data is transferred to Snowmobile, it is driven back to an AWS Region where the data is loaded into S3.
is tamper-resistant, waterproof, and temperature controlled with multiple layers of logical and physical security - including encryption, fire suppression, dedicated security personnel, GPS tracking, alarm monitoring, 24/7 video surveillance, and an escort security vehicle during transit.
AWS Storage Gateway
connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and the AWS storage infrastructure
provides low-latency performance by maintaining frequently accessed data on-premises while securely storing all of the data encrypted in S3 or Glacier.
for disaster recovery scenarios, Storage Gateway, together with EC2, can serve as a cloud-hosted solution that mirrors the entire production environment
with gateway-cached volumes, S3 can be used to hold primary data while frequently accessed data is cached locally for faster access reducing the need to scale on premises storage infrastructure
with gateway-stored volumes, entire data is stored locally while asynchronously backing up data to S3
with gateway-VTL, offline data archiving can be performed by presenting existing backup application with an iSCSI-based VTL consisting of a virtual media changer and virtual tape drives
Encrypts all data in transit to and from AWS by using SSL/TLS.
All data in AWS Storage Gateway is encrypted at rest using AES-256.
Authentication between the gateway and iSCSI initiators can be secured by using Challenge-Handshake Authentication Protocol (CHAP).
Files up to 5GB can be transferred using single operation
Multipart uploads can be used to upload files up to 5 TB and speed up data uploads by dividing the file into multiple parts
transfer rate still limited by the network speed
Data in transit can be secured by using SSL/TLS or client-side encryption.
Encrypt data at-rest by performing server-side encryption using Amazon S3-Managed Keys (SSE-S3), AWS Key Management Service (KMS)-Managed Keys (SSE-KMS), or Customer Provided Keys (SSE-C). Or by performing client-side encryption using AWS KMS - Managed Customer Master Key (CMK) or Client-Side Master Key.