Support matrix for VMware vSphere migration

This article summarizes support settings and limitations for migrating VMware vSphere VMs with Migration and modernization. If you're looking for information about assessing VMware vSphere VMs for migration to Azure, review the assessment support matrix.

Note

This end-to-end VMware migration scenario documentation is currently in preview. For more information about using Azure Migrate, see the Azure Migrate product documentation.

Caution

This article references CentOS, a Linux distribution that has reached End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the CentOS End Of Life guidance.

Migration options

You can migrate VMware vSphere VMs in a couple of ways:

  • Using agentless migration: Migrate VMs without needing to install anything on them. You deploy the Azure Migrate appliance for agentless migration.
  • Using agent-based migration: Install an agent on the VM for replication. For agent-based migration, you deploy a replication appliance.

Note

This also supports migrating VMs from AVS.

Review this article to figure out which method you want to use.

Agentless migration

This section summarizes requirements for agentless VMware vSphere VM migration to Azure.

VMware vSphere requirements (agentless)

The VMware vSphere hypervisor requirements are:

  • VMware vCenter Server - Version 5.5, 6.0, 6.5, 6.7, 7.0, 8.0.

  • VMware vSphere ESXi host - Version 5.5, 6.0, 6.5, 6.7, 7.0, 8.0.

  • Multiple vCenter Servers - A single appliance can connect to up to 10 vCenter Servers.

  • vCenter Server permissions - The VMware account used to access the vCenter server from the Azure Migrate appliance must have the following permissions assigned at all required levels - datacenter, cluster, host, VM, and datastore. Ensure permissions are applied at each level to avoid replication errors.

    | Privilege Name in the vSphere Client | The purpose for the privilege | Required On | Privilege Name in the API |
    |---|---|---|---|
    | Browse datastore | Allow browsing of VM log files to troubleshoot snapshot creation and deletion. | Data stores | Datastore.Browse |
    | Low level file operations | Allow read/write/delete/rename operations in the datastore browser to troubleshoot snapshot creation and deletion. | Data stores | Datastore.FileManagement |
    | Change Configuration - Toggle disk change tracking | Allow enable or disable change tracking of VM disks to pull changed blocks of data between snapshots. | Virtual machines | VirtualMachine.Config.ChangeTracking |
    | Change Configuration - Acquire disk lease | Allow disk lease operations for a VM to read the disk using the VMware vSphere Virtual Disk Development Kit (VDDK). | Virtual machines | VirtualMachine.Config.DiskLease |
    | Provisioning - Allow read-only disk access | Allow read-only disk access: Allow opening a disk on a VM to read the disk using the VDDK. | Virtual machines | VirtualMachine.Provisioning.DiskRandomRead |
    | Provisioning - Allow disk access | Allow opening a disk on a VM to read the disk using the VDDK. | Virtual machines | VirtualMachine.Provisioning.DiskRandomAccess |
    | Provisioning - Allow virtual machine download | Allow virtual machine download: Allows read operations on files associated with a VM to download the logs and troubleshoot if failure occurs. | Root host or vCenter Server | VirtualMachine.Provisioning.GetVmFiles |
    | Snapshot management | Allow Discovery, Software Inventory, and Dependency Mapping on VMs. | Virtual machines | VirtualMachine.State.* |
    | Guest operations | Allow creation and management of VM snapshots for replication. | Virtual machines | VirtualMachine.GuestOperations.* |
    | Interaction Power Off | Allow the VM to be powered off during migration to Azure. | Virtual machines | VirtualMachine.Interact.PowerOff |
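
The privilege IDs in the API column above can be used to audit the appliance account's vCenter role for least privilege. The following is an added example, not part of the original article or of Azure Migrate: it compares a role's exported privilege IDs with the table and reports what is missing and what is excess. The privilege catalogue, the sample role and the implicit `System.*` entries are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Privilege IDs from the "Privilege Name in the API" column of the table above.
REQUIRED = [
    "Datastore.Browse", "Datastore.FileManagement",
    "VirtualMachine.Config.ChangeTracking", "VirtualMachine.Config.DiskLease",
    "VirtualMachine.Provisioning.DiskRandomRead",
    "VirtualMachine.Provisioning.DiskRandomAccess",
    "VirtualMachine.Provisioning.GetVmFiles",
    "VirtualMachine.State.*", "VirtualMachine.GuestOperations.*",
    "VirtualMachine.Interact.PowerOff",
]
# Assumption: vCenter includes these in every role, so they are not excess.
IMPLICIT = {"System.Anonymous", "System.Read", "System.View"}

# Constructed sample: a subset of the privilege IDs a vCenter Server lists.
CATALOGUE = [p for p in REQUIRED if "*" not in p] + [
    "VirtualMachine.State.CreateSnapshot", "VirtualMachine.State.RemoveSnapshot",
    "VirtualMachine.GuestOperations.Query", "VirtualMachine.GuestOperations.Execute",
    "VirtualMachine.Interact.PowerOn", "VirtualMachine.Inventory.Delete",
    "Datastore.DeleteFile",
]
# Constructed sample: privilege IDs exported from a hypothetical appliance role.
SAMPLE_ROLE = sorted(IMPLICIT) + [p for p in CATALOGUE if p not in (
    "VirtualMachine.Config.DiskLease", "VirtualMachine.State.RemoveSnapshot",
    "VirtualMachine.Interact.PowerOn")]


def expand(patterns, catalogue):
    """Resolve exact IDs and '*' patterns against the privilege catalogue."""
    resolved = set()
    for pattern in patterns:
        hits = {p for p in catalogue if fnmatchcase(p, pattern)}
        if not hits and "*" not in pattern:
            hits = {pattern}  # unknown exact ID is still required: report it
        resolved |= hits
    return resolved


def audit_role(granted, catalogue, required=REQUIRED):
    """Return (missing, excess) privilege IDs for a role, both sorted."""
    needed = expand(required, catalogue)
    granted = set(granted)
    return sorted(needed - granted), sorted(granted - needed - IMPLICIT)


if __name__ == "__main__":
    missing, excess = audit_role(SAMPLE_ROLE, CATALOGUE)
    print("missing:", missing)
    print("excess: ", excess)
```

Missing entries explain replication errors; excess entries are candidates for removal from the role.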

VM requirements (agentless)

The table summarizes agentless migration requirements for VMware vSphere VMs.

Note

If a major version of an operating system is supported in agentless migration, all minor versions and kernels are automatically supported.

Support Details
Supported operating systems Windows Server 2003 and later versions. Learn more.

You can migrate all the Linux operating systems supported by Azure listed here.
Windows VMs in Azure You might need to make some changes on VMs before migration.
Linux VMs in Azure Some VMs might require changes so that they can run in Azure.

For Linux, Azure Migrate makes the changes automatically for these operating systems:
- Red Hat Enterprise Linux 9.x, 8.x, 7.9, 7.8, 7.7, 7.6, 7.5, 7.4, 7.3, 7.2, 7.1, 7.0, 6.x
- CentOS Stream
- SUSE Linux Enterprise Server 15 SP6, 15 SP5, 15 SP4, 15 SP3, 15 SP2, 15 SP1, 15 SP0, 12, 11 SP4, 11 SP3
- Ubuntu 22.04, 21.04, 20.04, 19.04, 19.10, 18.04LTS, 16.04LTS, 14.04LTS
- Debian 11, 10, 9, 8, 7
- Oracle Linux 9, 8, 7.7-CI, 7.7, 6
- Kali Linux (2016, 2017, 2018, 2019, 2020, 2021, 2022)
For other operating systems, you make the required changes manually.
The SELinux Enforced setting is currently not fully supported. It causes Dynamic IP setup and Microsoft Azure Linux Guest agent (waagent/WALinuxAgent) installation to fail. You can still migrate and use the VM. The SELinux Permissive setting is supported.
Boot requirements Windows VMs:
OS Drive (C:\) and System Reserved Partition (EFI System Partition for UEFI VMs) should reside on the same disk.
If /boot is on a dedicated partition, it should reside on the OS disk and not be spread across multiple disks.
If /boot is part of the root (/) partition, then the '/' partition should be on the OS disk and not span other disks.

Linux VMs:
If /boot is on a dedicated partition, it should reside on the OS disk and not be spread across multiple disks.
If /boot is part of the root (/) partition, then the '/' partition should be on the OS disk and not span other disks.
UEFI boot UEFI-based virtual machines are migrated to Azure's Generation 2 VMs. However, it's important to note that Azure Generation 2 VMs lack the Secure Boot feature. For VMs that utilized Secure Boot in their original configuration, a conversion to Trusted Launch VMs is recommended after migration. This step ensures that Secure Boot, along with other enhanced security functionalities, is re-enabled.
Disk size Up to 2-TB OS disk for gen 1 VM and gen 2 VMs; 32 TB for data disks. Changing the size of the source disk after initiating replication is supported and won't impact ongoing replication cycle.
Dynamic disk - An OS disk as a dynamic disk isn't supported.
- If a VM with OS disk as dynamic disk is replicating, convert the disk type from dynamic to basic and allow the new cycle to complete, before triggering test migration or migration. You'll need help from OS support for conversion of dynamic to basic disk type.
Ultra disk Ultra disk migration isn't supported from the Azure Migrate portal. You have to do an out-of-band migration for the disks that are recommended as Ultra disks. That is, you can migrate selecting it as premium disk type and change it to Ultra disk after migration.
Encrypted disks/volumes VMs with encrypted disks/volumes aren't supported for migration.
Shared disk cluster Not supported.
Independent disks Not supported.
RDM/passthrough disks If VMs have RDM or passthrough disks, these disks won't be replicated to Azure.
NFS NFS volumes mounted as volumes on the VMs won't be replicated.
ReiserFS Not supported.
iSCSI targets VMs with iSCSI targets aren't supported for agentless migration.
Multipath IO Not supported.
Storage vMotion Supported.
Teamed NICs Not supported.
IPv6 Not supported.
Target disk VMs can be migrated only to managed disks (standard HDD, standard SSD, premium SSD) in Azure.
Simultaneous replication Up to 300 simultaneously replicating VMs per vCenter Server with one appliance. Up to 500 simultaneously replicating VMs per vCenter Server when an additional scale-out appliance is deployed.
Automatic installation of Azure VM agent (Windows and Linux Agent) Windows:
Supported for Windows Server 2008 R2 onwards.

Linux:
- Red Hat Enterprise Linux 9.x, 8.x, 7.9, 7.8, 7.7, 7.6, 7.5, 7.4, 7.0, 6.x
- CentOS Stream
- SUSE Linux Enterprise Server 15 SP6, 15 SP5, 15 SP4, 15 SP3, 15 SP2, 15 SP1, 15 SP0, 12, 11 SP4, 11 SP3
- Ubuntu 22.04, 21.04, 20.04, 19.04, 19.10, 18.04LTS, 16.04LTS, 14.04LTS
- Debian 11, 10, 9, 8, 7
- Oracle Linux 9, 8, 7.7-CI, 7.7, 6
- Kali Linux (2016, 2017, 2018, 2019, 2020, 2021, 2022)

Note

Ensure that the following special characters are not passed in any credentials as they are not supported for SSO passwords:

  • Non-ASCII characters. Learn more.
  • Ampersand (&)
  • Semicolon (;)
  • Double quotation mark (")
  • Single quotation mark (')
  • Circumflex (^)
  • Backslash (\)
  • Percentage (%)
  • Angle brackets (<,>)
  • Pound (£)
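
When a dedicated account is created for the appliance, its password can be generated from an alphabet that already excludes the characters listed above. The following is an added example, not part of the original article: the function names, the default length and the four-character-class requirement are assumptions chosen for illustration.

```python
import secrets
import string

# Punctuation the note above lists as unsupported in credentials.
# The pound sign (£) is covered by the non-ASCII rule.
FORBIDDEN_ASCII = set("&;\"'^\\%<>")

# Allowed alphabet: ASCII letters, digits and punctuation minus the forbidden set.
ALLOWED = [c for c in string.ascii_letters + string.digits + string.punctuation
           if c not in FORBIDDEN_ASCII]

# Assumption: the directory's complexity policy wants one character per class.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def unsupported_positions(credential):
    """Return (index, reason) per unsupported character, never the character itself."""
    problems = []
    for i, ch in enumerate(credential):
        if ord(ch) > 127:
            problems.append((i, "non-ASCII"))
        elif ch in FORBIDDEN_ASCII:
            problems.append((i, "unsupported punctuation"))
    return problems


def generate_credential(length=24):
    """Draw a credential from ALLOWED with the OS CSPRNG; retry until every class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(ALLOWED) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    # Constructed sample input containing '&' and '£'.
    print(unsupported_positions("Str0ng&Pass£"))
    print(len(generate_credential()))
```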

Note

In addition to the Internet connectivity, for Linux VMs, ensure that the following packages are installed for successful installation of Microsoft Azure Linux agent (waagent):

  • Python 2.6+
  • OpenSSL 1.0+
  • OpenSSH 5.3+
  • Filesystem utilities: sfdisk, fdisk, mkfs, parted
  • Password tools: chpasswd, sudo
  • Text processing tools: sed, grep
  • Network tools: ip-route

Tip

Using the Azure portal you'll be able to select up to 10 VMs at a time to configure replication. To replicate more VMs you can use the portal and add the VMs to be replicated in multiple batches of 10 VMs, or use the Azure Migrate PowerShell interface to configure replication. Ensure that you don't configure simultaneous replication on more than the maximum supported number of VMs for simultaneous replications.

Appliance requirements (agentless)

Agentless migration uses the Azure Migrate appliance. You can deploy the appliance as a VMware vSphere VM using an OVA template, imported into vCenter Server, or using a PowerShell script.

Port requirements (agentless)

| Device | Connection |
|---|---|
| Appliance | Outbound connections on port 443 to upload replicated data to Azure, and to communicate with Azure Migrate services orchestrating replication and migration. |
| vCenter Server | Inbound connections on port 443 to allow the appliance to orchestrate replication - create snapshots, copy data, release snapshots. |
| vSphere ESXi host | Inbound on TCP port 902 for the appliance to replicate data from snapshots. Outbound on port 902 from ESXi host is required for sending heartbeat traffic to vCenter. |

Agent-based migration

This section summarizes requirements for agent-based migration.

VMware vSphere requirements (agent-based)

This table summarizes assessment support and limitations for VMware vSphere virtualization servers.

VMware vSphere requirements Details
VMware vCenter Server Version 5.5, 6.0, 6.5, or 6.7.
VMware vSphere ESXi host Version 5.5, 6.0, 6.5, 6.7 or 7.0.
vCenter Server permissions VM discovery: At least a read-only user

Data Center object -> Propagate to Child Object, role=Read-only.

Replication: Create a role (Azure Site Recovery) with the required permissions, and then assign the role to a VMware vSphere user or group.

Data Center object -> Propagate to Child Object, role=Azure Site Recovery

Datastore -> Allocate space, browse datastore, low-level file operations, remove file, update virtual machine files

Network -> Network assign

Resource -> Assign VM to resource pool, migrate powered off VM, migrate powered on VM

Tasks -> Create task, update task

Virtual machine -> Configuration

Virtual machine -> Interact -> answer question, device connection, configure CD media, configure floppy media, power off, power on, VMware tools install

Virtual machine -> Inventory -> Create, register, unregister

Virtual machine -> Provisioning -> Allow virtual machine download, allow virtual machine files upload

Virtual machine -> Snapshots -> Remove snapshots.


Note:
The user is assigned at the datacenter level and has access to all the objects in the datacenter.

To restrict access, assign the No access role, with Propagate to child object selected, to the child objects (vSphere hosts, datastores, VMs, and networks).

VM requirements (agent-based)

The table summarizes support for VMware vSphere VMs you want to migrate using agent-based migration.

| Support | Details |
|---|---|
| Machine workload | Azure Migrate supports migration of any workload (for example, Active Directory or SQL Server) running on a supported machine. |
| Operating systems | For the latest information, review the operating system support for Site Recovery. Azure Migrate provides identical VM operating system support. |
| Linux file system/guest storage | For the latest information, review the Linux file system support for Site Recovery. Azure Migrate has identical Linux file system support. |
| Network/Storage | For the latest information, review the network and storage prerequisites for Site Recovery. Azure Migrate provides identical network/storage requirements. |
| Azure requirements | For the latest information, review the Azure network, storage, and compute requirements for Site Recovery. Azure Migrate has identical requirements for VMware migration. |
| Mobility service | The Mobility service agent must be installed on each VM you want to migrate. |
| UEFI boot | Supported. UEFI-based VMs will be migrated to Azure generation 2 VMs. |
| UEFI - Secure boot | Not supported for migration. |
| Target disk | VMs can only be migrated to managed disks (standard HDD, standard SSD, premium SSD) in Azure. |
| Disk size | Up to 2-TB OS disk for gen 1 VM; up to 4-TB OS disk for gen 2 VM; 32 TB for data disks. |
| Disk limits | Up to 63 disks per VM. |
| Encrypted disks/volumes | VMs with encrypted disks/volumes aren't supported for migration. |
| Shared disk cluster | Not supported. |
| Independent disks | Supported. |
| Passthrough disks | Supported. |
| NFS | NFS volumes mounted as volumes on the VMs won't be replicated. |
| ReiserFS | Not supported. |
| iSCSI targets | Supported. |
| Multipath IO | Not supported. |
| Storage vMotion | Supported. |
| Teamed NICs | Not supported. |
| IPv6 | Not supported. |

Appliance requirements (agent-based)

When you set up the replication appliance using the OVA template provided in the Azure Migrate hub, the appliance runs Windows Server 2016 and complies with the support requirements. If you set up the replication appliance manually on a physical server, then make sure that it complies with the requirements.

Port requirements (agent-based)

| Device | Connection |
|---|---|
| VMs | The Mobility service running on VMs communicates with the on-premises replication appliance (configuration server) on port HTTPS 443 inbound, for replication management. VMs send replication data to the process server (running on the configuration server machine) on port HTTPS 9443 inbound. This port can be modified. |
| Replication appliance | The replication appliance orchestrates replication with Azure over port HTTPS 443 outbound. |
| Process server | The process server receives replication data, optimizes, and encrypts it, and sends it to Azure storage over port 443 outbound. By default the process server runs on the replication appliance. |

Azure VM requirements

All on-premises VMs replicated to Azure (with agentless or agent-based migration) must meet the Azure VM requirements summarized in this table.

Component Requirements
Guest operating system Verify supported VMware VM operating systems for migration.
You can migrate any workload running on a supported operating system.
Guest operating system architecture 64-bit.
Operating system disk size Up to 2,048 GB.
Operating system disk count 1
Data disk count 64 or less.
Data disk size Up to 32 TB
Network adapters Multiple adapters are supported.
Shared VHD Not supported.
FC disk Not supported.
BitLocker Not supported.

BitLocker must be disabled before you migrate the machine.
VM name From 1 to 63 characters.

Restricted to letters, numbers, and hyphens.

The machine name must start and end with a letter or number.
Connect after migration-Windows To connect to Azure VMs running Windows after migration:

- Before migration, enable RDP on the on-premises VM.

Make sure that TCP and UDP rules are added for the Public profile, and that RDP is allowed in Windows Firewall > Allowed Apps for all profiles.

For site-to-site VPN access, enable RDP and allow RDP in Windows Firewall > Allowed apps and features for Domain and Private networks.

In addition, check that the operating system's SAN policy is set to OnlineAll. Learn more.
Connect after migration-Linux To connect to Azure VMs after migration using SSH:

Before migration, on the on-premises machine, check that the Secure Shell service is set to Start, and that firewall rules allow an SSH connection.

After failover, on the Azure VM, allow incoming connections to the SSH port for the network security group rules on the failed over VM, and for the Azure subnet to which it's connected.

In addition, add a public IP address for the VM.

Next steps

Select a VMware vSphere migration option.