Support matrix for VMware vSphere migration
Caution
This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the CentOS End Of Life guidance.
This article summarizes support settings and limitations for migrating VMware vSphere VMs with Migration and modernization . If you're looking for information about assessing VMware vSphere VMs for migration to Azure, review the assessment support matrix.
Migration options
You can migrate VMware vSphere VMs in a couple of ways:
- Using agentless migration: Migrate VMs without needing to install anything on them. You deploy the Azure Migrate appliance for agentless migration.
- Using agent-based migration: Install an agent on the VM for replication. For agent-based migration, you deploy a replication appliance.
Note
This also supports migrating VMs from AVS.
Review this article to figure out which method you want to use.
Agentless migration
This section summarizes requirements for agentless VMware vSphere VM migration to Azure.
VMware vSphere requirements (agentless)
The VMware vSphere hypervisor requirements are:
VMware vCenter Server - Version 5.5, 6.0, 6.5, 6.7, 7.0, 8.0.
VMware vSphere ESXi host - Version 5.5, 6.0, 6.5, 6.7, 7.0, 8.0.
Multiple vCenter Servers - A single appliance can connect to up to 10 vCenter Servers.
vCenter Server permissions - The VMware account used to access the vCenter server from the Azure Migrate appliance must have the following permissions assigned at all required levels - datacenter, cluster, host, VM, and datastore. Ensure permissions are applied at each level to avoid replication errors.
Privilege Name in the vSphere Client The purpose for the privilege Required On Privilege Name in the API Browse datastore Allow browsing of VM log files to troubleshoot snapshot creation and deletion. Data stores Datastore.Browse Low level file operations Allow read/write/delete/rename operations in the datastore browser to troubleshoot snapshot creation and deletion. Data stores Datastore.FileManagement Change Configuration - Toggle disk change tracking Allow enable or disable change tracking of VM disks to pull changed blocks of data between snapshots. Virtual machines VirtualMachine.Config.ChangeTracking Change Configuration - Acquire disk lease Allow disk lease operations for a VM to read the disk using the VMware vSphere Virtual Disk Development Kit (VDDK). Virtual machines VirtualMachine.Config.DiskLease Provisioning - Allow read-only disk access Allow read-only disk access: Allow opening a disk on a VM to read the disk using the VDDK. Virtual machines VirtualMachine.Provisioning.DiskRandomRead Provisioning - Allow disk access Allow opening a disk on a VM to read the disk using the VDDK. Virtual machines VirtualMachine.Provisioning.DiskRandomAccess Provisioning - Allow virtual machine download Allow virtual machine download: Allows read operations on files associated with a VM to download the logs and troubleshoot if failure occurs. Root host or vCenter Server VirtualMachine.Provisioning.GetVmFiles Snapshot management Allow Discovery, Software Inventory, and Dependency Mapping on VMs. Virtual machines VirtualMachine.State.* Guest operations Allow creation and management of VM snapshots for replication. Virtual machines VirtualMachine.GuestOperations.* Interaction Power Off Allow the VM to be powered off during migration to Azure. Virtual machines VirtualMachine.Interact.PowerOff
VM requirements (agentless)
The table summarizes agentless migration requirements for VMware vSphere VMs.
Support | Details |
---|---|
Supported operating systems | Windows Server 2003 and later versions. Learn more. You can migrate all the Linux operating systems supported by Azure listed here. |
Windows VMs in Azure | You might need to make some changes on VMs before migration. |
Linux VMs in Azure | Some VMs might require changes so that they can run in Azure. For Linux, Azure Migrate makes the changes automatically for these operating systems: - Red Hat Enterprise Linux 9.x, 8.x, 7.9, 7.8, 7.7, 7.6, 7.5, 7.4, 7.3, 7.2, 7.1, 7.0, 6.x - CentOS Stream - SUSE Linux Enterprise Server 15 SP4, 15 SP3, 15 SP2, 15 SP1, 15 SP0, 12, 11 SP4, 11 SP3 - Ubuntu 22.04, 21.04, 20.04, 19.04, 19.10, 18.04LTS, 16.04LTS, 14.04LTS - Debian 11, 10, 9, 8, 7 - Oracle Linux 9, 8, 7.7-CI, 7.7, 6 - Kali Linux (2016, 2017, 2018, 2019, 2020, 2021, 2022) For other operating systems, you make the required changes manually. The SELinux Enforced setting is currently not fully supported. It causes Dynamic IP setup and Microsoft Azure Linux Guest agent (waagent/WALinuxAgent) installation to fail. You can still migrate and use the VM. The SELinux Permissive setting is supported. |
Boot requirements | Windows VMs: OS Drive (C:\) and System Reserved Partition (EFI System Partition for UEFI VMs) should reside on the same disk. If /boot is on a dedicated partition, it should reside on the OS disk and not be spread across multiple disks. If /boot is part of the root (/) partition, then the '/' partition should be on the OS disk and not span other disks. Linux VMs: If /boot is on a dedicated partition, it should reside on the OS disk and not be spread across multiple disks.If /boot is part of the root (/) partition, then the '/' partition should be on the OS disk and not span other disks. |
UEFI boot | UEFI-based virtual machines are migrated to Azure's Generation 2 VMs. However, it's important to note that Azure Generation 2 VMs lack the Secure Boot feature. For VMs that utilized Secure Boot in their original configuration, a conversion to Trusted Launch VMs is recommended after migration. This step ensures that Secure Boot, along with other enhanced security functionalities, is re-enabled. |
Disk size | Up to 2-TB OS disk for gen 1 VM and gen 2 VMs; 32 TB for data disks. Changing the size of the source disk after initiating replication is supported and won't impact ongoing replication cycle. |
Dynamic disk | - An OS disk as a dynamic disk isn't supported. - If a VM with OS disk as dynamic disk is replicating, convert the disk type from dynamic to basic and allow the new cycle to complete, before triggering test migration or migration. You'll need help from OS support for conversion of dynamic to basic disk type. |
Ultra disk | Ultra disk migration isn't supported from the Azure Migrate portal. You have to do an out-of-band migration for the disks that are recommended as Ultra disks. That is, you can migrate selecting it as premium disk type and change it to Ultra disk after migration. |
Encrypted disks/volumes | VMs with encrypted disks/volumes aren't supported for migration. |
Shared disk cluster | Not supported. |
Independent disks | Not supported. |
RDM/passthrough disks | If VMs have RDM or passthrough disks, these disks won't be replicated to Azure. |
NFS | NFS volumes mounted as volumes on the VMs won't be replicated. |
ReiserFS | Not supported. |
iSCSI targets | VMs with iSCSI targets aren't supported for agentless migration. |
Multipath IO | Not supported. |
Storage vMotion | Supported. |
Teamed NICs | Not supported. |
IPv6 | Not supported. |
Target disk | VMs can be migrated only to managed disks (standard HDD, standard SSD, premium SSD) in Azure. |
Simultaneous replication | Up to 300 simultaneously replicating VMs per vCenter Server with one appliance. Up to 500 simultaneously replicating VMs per vCenter Server when an additional scale-out appliance is deployed. |
Automatic installation of Azure VM agent (Windows and Linux Agent) | Windows: Supported for Windows Server 2008 R2 onwards. Linux: - Red Hat Enterprise Linux 9.x, 8.x, 7.9, 7.8, 7.7, 7.6, 7.5, 7.4, 7.0, 6.x - CentOS Stream - SUSE Linux Enterprise Server 15 SP4, 15 SP3, 15 SP2, 15 SP1, 15 SP0, 12, 11 SP4, 11 SP3 - Ubuntu 22.04, 21.04, 20.04, 19.04, 19.10, 18.04LTS, 16.04LTS, 14.04LTS - Debian 11, 10, 9, 8, 7 - Oracle Linux 9, 8, 7.7-CI, 7.7, 6 - Kali Linux (2016, 2017, 2018, 2019, 2020, 2021, 2022) |
Note
Ensure that the following special characters are not passed in any credentials as they are not supported for SSO passwords:
- Non-ASCII characters. Learn more.
- Ampersand (&)
- Semicolon (;)
- Double quotation mark (")
- Single quotation mark (')
- Circumflex (^)
- Backslash (\)
- Percentage (%)
- Angle brackets (<,>)
- Pound (£)
Note
In addition to the Internet connectivity, for Linux VMs, ensure that the following packages are installed for successful installation of Microsoft Azure Linux agent (waagent):
- Python 2.6+
- OpenSSL 1.0+
- OpenSSH 5.3+
- Filesystem utilities: sfdisk, fdisk, mkfs, parted
- Password tools: chpasswd, sudo
- Text processing tools: sed, grep
- Network tools: ip-route
Tip
Using the Azure portal you'll be able to select up to 10 VMs at a time to configure replication. To replicate more VMs you can use the portal and add the VMs to be replicated in multiple batches of 10 VMs, or use the Azure Migrate PowerShell interface to configure replication. Ensure that you don't configure simultaneous replication on more than the maximum supported number of VMs for simultaneous replications.
Appliance requirements (agentless)
Agentless migration uses the Azure Migrate appliance. You can deploy the appliance as a VMware vSphere VM using an OVA template, imported into vCenter Server, or using a PowerShell script.
- Learn about appliance requirements for VMware vSphere.
- Learn about URLs that the appliance needs to access in public and government clouds.
- In Azure Government, you must deploy the appliance using the script.s
Port requirements (agentless)
Device | Connection |
---|---|
Appliance | Outbound connections on port 443 to upload replicated data to Azure, and to communicate with Azure Migrate services orchestrating replication and migration. |
vCenter Server | Inbound connections on port 443 to allow the appliance to orchestrate replication - create snapshots, copy data, release snapshots. |
vSphere ESXi host | Inbound on TCP port 902 for the appliance to replicate data from snapshots. Outbound on port 902 from ESXi host is required for sending heartbeat traffic to vCenter |
Agent-based migration
This section summarizes requirements for agent-based migration.
VMware vSphere requirements (agent-based)
This table summarizes assessment support and limitations for VMware vSphere virtualization servers.
VMware vSphere requirements | Details |
---|---|
VMware vCenter Server | Version 5.5, 6.0, 6.5, or 6.7. |
VMware vSphere ESXi host | Version 5.5, 6.0, 6.5, 6.7 or 7.0. |
vCenter Server permissions | VM discovery: At least a read-only user Data Center object –> Propagate to Child Object, role=Read-only. Replication: Create a role (Azure Site Recovery) with the required permissions, and then assign the role to a VMware vSphere user or group Data Center object –> Propagate to Child Object, role=Azure Site Recovery Datastore -> Allocate space, browse datastore, low-level file operations, remove file, update virtual machine files Network -> Network assign Resource -> Assign VM to resource pool, migrate powered off VM, migrate powered on VM Tasks -> Create task, update task Virtual machine -> Configuration Virtual machine -> Interact -> answer question, device connection, configure CD media, configure floppy media, power off, power on, VMware tools install Virtual machine -> Inventory -> Create, register, unregister Virtual machine -> Provisioning -> Allow virtual machine download, allow virtual machine files upload Virtual machine -> Snapshots -> Remove snapshots. Note: User assigned at datacenter level, and has access to all the objects in the datacenter. To restrict access, assign the No access role with the Propagate to child object, to the child objects (vSphere hosts, datastores, VMs, and networks). |
VM requirements (agent-based)
The table summarizes VMware vSphere VM support for VMware vSphere VMs you want to migrate using agent-based migration.
Support | Details |
---|---|
Machine workload | Azure Migrate supports migration of any workload (say Active Directory, SQL server, etc.) running on a supported machine. |
Operating systems | For the latest information, review the operating system support for Site Recovery. Azure Migrate provides identical VM operating system support. |
Linux file system/guest storage | For the latest information, review the Linux file system support for Site Recovery. Azure Migrate has identical Linux file system support. |
Network/Storage | For the latest information, review the network and storage prerequisites for Site Recovery. Azure Migrate provides identical network/storage requirements. |
Azure requirements | For the latest information, review the Azure network, storage, and compute requirements for Site Recovery. Azure Migrate has identical requirements for VMware migration. |
Mobility service | The Mobility service agent must be installed on each VM you want to migrate. |
UEFI boot | Supported. UEFI-based VMs will be migrated to Azure generation 2 VMs. |
UEFI - Secure boot | Not supported for migration. |
Target disk | VMs can only be migrated to managed disks (standard HDD, standard SSD, premium SSD) in Azure. |
Disk size | up to 2-TB OS disk for gen 1 VM; up to 4-TB OS disk for gen 2 VM; 32 TB for data disks. |
Disk limits | Up to 63 disks per VM. |
Encrypted disks/volumes | VMs with encrypted disks/volumes aren't supported for migration. |
Shared disk cluster | Not supported. |
Independent disks | Supported. |
Passthrough disks | Supported. |
NFS | NFS volumes mounted as volumes on the VMs won't be replicated. |
ReiserFS | Not supported. |
iSCSI targets | Supported. |
Multipath IO | Not supported. |
Storage vMotion | Supported |
Teamed NICs | Not supported. |
IPv6 | Not supported. |
Appliance requirements (agent-based)
When you set up the replication appliance using the OVA template provided in the Azure Migrate hub, the appliance runs Windows Server 2016 and complies with the support requirements. If you set up the replication appliance manually on a physical server, then make sure that it complies with the requirements.
- Learn about replication appliance requirements for VMware vSphere.
- Install MySQL on the appliance. Learn about installation options.
- Learn about URLs that the replication appliance needs to access in public and government clouds.
- Review the ports the replication appliance needs to access.
Port requirements (agent-based)
Device | Connection |
---|---|
VMs | The Mobility service running on VMs communicates with the on-premises replication appliance (configuration server) on port HTTPS 443 inbound, for replication management. VMs send replication data to the process server (running on the configuration server machine) on port HTTPS 9443 inbound. This port can be modified. |
Replication appliance | The replication appliance orchestrates replication with Azure over port HTTPS 443 outbound. |
Process server | The process server receives replication data, optimizes, and encrypts it, and sends it to Azure storage over port 443 outbound. By default the process server runs on the replication appliance. |
Azure VM requirements
All on-premises VMs replicated to Azure (with agentless or agent-based migration) must meet the Azure VM requirements summarized in this table.
Component | Requirements |
---|---|
Guest operating system | Verifies supported VMware VM operating systems for migration. You can migrate any workload running on a supported operating system. |
Guest operating system architecture | 64-bit. |
Operating system disk size | Up to 2,048 GB. |
Operating system disk count | 1 |
Data disk count | 64 or less. |
Data disk size | Up to 32 TB |
Network adapters | Multiple adapters are supported. |
Shared VHD | Not supported. |
FC disk | Not supported. |
BitLocker | Not supported. BitLocker must be disabled before you migrate the machine. |
VM name | From 1 to 63 characters. Restricted to letters, numbers, and hyphens. The machine name must start and end with a letter or number. |
Connect after migration-Windows | To connect to Azure VMs running Windows after migration: - Before migration, enable RDP on the on-premises VM. Make sure that TCP and UDP rules are added for the Public profile, and that RDP is allowed in Windows Firewall > Allowed Apps for all profiles. For site-to-site VPN access, enable RDP and allow RDP in Windows Firewall > Allowed apps and features for Domain and Private networks. In addition, check that the operating system's SAN policy is set to OnlineAll. Learn more. |
Connect after migration-Linux | To connect to Azure VMs after migration using SSH: Before migration, on the on-premises machine, check that the Secure Shell service is set to Start, and that firewall rules allow an SSH connection. After failover, on the Azure VM, allow incoming connections to the SSH port for the network security group rules on the failed over VM, and for the Azure subnet to which it's connected. In addition, add a public IP address for the VM. |
Next steps
Select a VMware vSphere migration option.