How to Migrate VMware VMs to Azure (1): Discover VMware VMs

By Victor Ashiedu

The first step in migrating VMware VMs to Azure is to discover VMs using the Azure Migrate: Discovery and Assessment tool.

Overview of the Discovery and Assessment Tool

The Azure Migrate: Discovery and assessment tool is an Azure appliance you deploy in vCenter. When you deploy it, it continuously discovers VMware VM workloads and gathers performance information.

Specifically, this lightweight Azure Migrate tool gathers information about VM performance, the applications running on the VMs, their dependencies, and databases.

Deploying this tool is the first step in preparing your VMware environment for a successful migration to Azure Cloud. In the remaining tasks in this guide, I’ll walk you through the steps to review the requirements for deploying this tool.

There are also steps to prepare your Azure account and VMware environment, deploy the Azure Migrate: Discovery and assessment tool appliance in vCenter, and initiate the discovery.

To complete the tasks in this guide, you need an Azure account. If you don’t have one, create a free one.

Let’s get this started!

Task 1: Configure Site-to-site VPN

Whenever I perform an on-premises VM to Azure migration, I first set up a site-to-site (S2S) VPN connection from the on-premises site to the Azure vNET, where the VMs will be migrated.

This is so that, during the migration process, VMs you migrate to Azure can continue to work with on-prem VMs that have yet to be migrated.

For example, if you have a database and an app hosted in two VMs, migrating one VM to Azure first may be more efficient. In this scenario, you may not have a long enough change window to move both VMs on the same day.

So, say you move the database VM first. After the move, you can configure the app to continue using the migrated database VM. However, this would be impossible if you do not have a VPN connection to Azure.

Another great example is migrating Domain Controllers. You will likely be unable to migrate all your DCs to Azure in one change window.

If this happens, migrated DCs will continue replicating with on-prem DCs using the S2S VPN connection.

So, before proceeding with Task 2 below, I strongly recommend creating a site-to-site VPN connection (complete steps 1 to 9) between your on-prem network and your Azure virtual network.

Task 2: Review the Discovery Prerequisites

Use the table below to ensure your environment meets the requirements for deploying the Azure Migrate: Discovery and assessment tool.

| S/N | Component | Requirement |
|---|---|---|
| 1 | VMware VMs | It supports discovering the performance, configuration data, and apps on all Windows and Linux versions. Read about supported OS versions. To discover installed apps, all VMware VMs must run VMware Tools (version 10.2.1 or later), and Windows Servers must run Windows PowerShell 2.0 or higher. Use these links to read about supported SQL Server versions and configuration, SQL authentication, and supported web apps in Windows OS and IIS versions, supported Linux OS and Tomcat versions. |
| 2 | Permissions for SQL Server access | The Windows or SQL account must meet the Azure Migrate discovery tool requirements to discover Microsoft SQL Server instances and databases. You can use these steps to set up the SQL account that meets the requirements. |
| 3 | vCenter Server and ESXi host | Your vCenter server must be on version 5.5, 6.0, 6.5, 7.0, or 8.0. Similarly, ESXi hosts must be version 5.5 or higher. The vCenter server and ESXi hosts must also allow inbound TCP port 443. |
| 4 | Azure Migrate appliance | Your vCenter server should have 32 GB of RAM, 8 vCPUs, and approximately 80 GB of disk storage to support the Azure Migrate appliance. It must also have an external virtual switch and an internet connection. |
Table 1.0

Before moving on, based on the information in the table above, confirm the following and remediate any issues:

  1. Your vCenter server has at least 32 GB of RAM, 8 vCPUs, and 80 GB of storage.
  2. Also, check that the vCenter server has an external virtual switch and access to the internet.
  3. Check that port 443 is open on the vCenter server and all ESXi hosts it manages.
  4. Confirm that your vCenter server is running at least version 5.5
  5. Review the Windows, Linux, and SQL server requirements using the links provided in Table 1.0

Task 3: Prep the Azure Account

Later in this guide, you’ll create an Azure Migrate project and register an Azure Migrate appliance. To perform these tasks, you require an Azure account with the permissions detailed in the table below.

| S/N | Permission | Reason for permission |
|---|---|---|
| 1 | Contributor or Owner at Azure Subscription | To create an Azure Key Vault, which is required during agentless server migration. |
| 2 | Application.ReadWrite.All permission | Required to register an application in Microsoft Entra |

If you created the Azure account you’re using for this project, your account will be assigned “Owner” permission at the subscription level.

You could use this account to migrate in a lab or test environment. However, security best practices require applying the principle of least privilege for production migration.

I strongly recommend creating another Azure account dedicated to the migration project to meet this requirement. In the following sub-tasks, I have explained how to create an Azure account and grant it the least privileges required for the migration.

Task 3.1: Create an Azure Account

  1. Search for and open Microsoft Entra ID. Then, click +Add > Users > Create new user.
  2. On the new account window, complete the required fields and click Review + create. Then, click Create.

Task 3.2: Grant the Account the Required Permissions

Run the following PowerShell commands from Azure Cloud Shell to grant the account the “Contributor” role on your subscription. The “Application Administrator” role in Microsoft Entra is granted in the portal, as described after the commands.

#1. Get the user's ID - replace the placeholder with the migration account's user principal name

$userID = (Get-AzADUser -UserPrincipalName '<user-principal-name>').Id

#2. Get the Azure Subscription Id - change AZ-100 to part of your subscription name

$subscriptionId = (Get-AzSubscription | Where-Object {$_.Name -like "*AZ-100*"}).Id

#3. Assign the Contributor role to the user in the subscription

$roleDefinition = Get-AzRoleDefinition -Name "Contributor"
New-AzRoleAssignment -ObjectId $userID -RoleDefinitionId $roleDefinition.Id -Scope "/subscriptions/$subscriptionId"

To grant the user the “Application Administrator” role, open the user’s properties in Microsoft Entra ID, click “Assigned roles,” check “Application Administrator,” and finally, click the Add button.

Before proceeding, confirm that the user has the “Contributor” role in the subscription.
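
One way to script this confirmation and check the account against the least-privilege goal stated earlier, as an added example that is not part of the original guide. `Test-MigrationAccountRbac` is a hypothetical helper, the sample assignments are constructed, and the list of roles treated as excessive is an assumption.

```powershell
# Added example (not from the original guide).
# Evaluates role assignments (objects with RoleDefinitionName and Scope, as
# returned by Get-AzRoleAssignment) for the migration account.
function Test-MigrationAccountRbac {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Assignments,
        [Parameter(Mandatory)] [string] $SubscriptionId
    )

    $subScope  = "/subscriptions/$SubscriptionId"
    # Assumption: roles that grant more than the guide asks for.
    $excessive = 'Owner', 'User Access Administrator'

    # The guide requires Contributor at subscription scope.
    $contributor = @($Assignments | Where-Object {
        $_.RoleDefinitionName -eq 'Contributor' -and $_.Scope -eq $subScope
    })

    $findings = @(foreach ($a in $Assignments) {
        if ($a.RoleDefinitionName -in $excessive) {
            "Excess role '$($a.RoleDefinitionName)' at $($a.Scope)"
        }
        elseif ($a.Scope -notlike "$subScope*") {
            "Role '$($a.RoleDefinitionName)' assigned outside the target subscription: $($a.Scope)"
        }
    })

    [pscustomobject]@{
        HasContributorOnSubscription = ($contributor.Count -gt 0)
        Findings                     = $findings
    }
}

# --- Constructed sample data so the block runs without an Azure session ---
$sampleSub = '00000000-0000-0000-0000-000000000000'   # placeholder subscription ID
$sample = @(
    [pscustomobject]@{ RoleDefinitionName = 'Contributor'; Scope = "/subscriptions/$sampleSub" }
    [pscustomobject]@{ RoleDefinitionName = 'Owner';       Scope = "/subscriptions/$sampleSub/resourceGroups/rg-constructed" }
)
Test-MigrationAccountRbac -Assignments $sample -SubscriptionId $sampleSub | Format-List

# Against the real account, reusing $userID and $subscriptionId from the commands above:
# $live = Get-AzRoleAssignment -ObjectId $userID
# Test-MigrationAccountRbac -Assignments $live -SubscriptionId $subscriptionId | Format-List
```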

Task 4: Create VMware and Server Accounts

The Azure Migrate discovery appliance is a VMware appliance you deploy in vCenter. You require a vCenter account with these permissions to deploy it.

Similarly, Azure Migrate needs a read-only vCenter account to discover VMware VMs (servers). Finally, to allow Azure Migrate to discover installed applications and perform agentless dependency analysis on VMware servers, enable the Guest operations privilege in the account.

Azure Migrate also requires a local or domain account with local administrator permission on Windows servers and, on Linux servers, a sudo user account with permission to execute the ls and netstat commands.

Based on the abovementioned requirements, I will create a local vCenter account with these permissions. This account will be used for OVF deployment and agentless discovery.

Similarly, I will create a domain account – my test environment is a Windows environment – and add the account to the local administrators account for the VMware VMs running Windows Server.

Task 4.1: Create a Local vCenter Account

In this sub-task, I’ll create a vCenter user and add the account to the vCenter local administrators group.

  1. Sign in to vCenter via a browser, click the menu, and choose Administrator.
  2. Then, on the Single Sign On section, click Users and Groups, then click ADD under the Users tab.
  3. Enter the account details and click ADD.
  4. To add the newly created user to the Administrators group, click Global Permissions under Access Control, then click ADD. After that, select the options in my second screenshot below and click OK.

Before moving on to Task 4.2, confirm that the account is in the list.

Task 4.2: Create a Windows Domain Account

Open PowerShell as administrator and run these commands. Run #1 and #2 on a Domain Controller and #3 on the Windows VMware VM. If the VMware VM is a Domain Controller, run command #4 to add the user to the domain’s Administrators group.

#1. Set the variables - change $ADLocation variable to the DN of the OU you want to create the account

$Username = 'azure-mig-dsad'
$ADLocation = 'OU=Service Accounts,DC=lab,DC=infopressmedia,DC=com'

$Credential = (Get-Credential -UserName $Username -Message "Enter the password for the $Username")

#2. Create the user

New-ADUser -Name $Username -Path $ADLocation -PasswordNeverExpires $true -AccountPassword $Credential.Password -Enabled $true

#3. Add the Windows domain account to the Windows VMware VM's local Administrators group - run this command on each Windows VMware VM

Add-LocalGroupMember -Group "Administrators" -Member "lab\azure-mig-dsad"

#4. Add the Windows domain account to the Windows domain administrators group

Add-ADGroupMember -Identity "Administrators" -Members azure-mig-dsad

If you have Linux Servers in your VMware environment, see the Linux servers section in Create an account to access servers.

Task 5: Install VMware Tools

The Azure Migrate agentless migration uses VMware Tools to discover applications installed on the VMware servers you’re migrating. So, it is important to confirm that the latest VMware Tools are installed on all VMs you intend to migrate.

Agentless dependency analysis will fail if a VM is not running VMware Tools.

Task 6: Create an Azure Migrate Project

Now that you’ve prepared the VMware environment, it is time to create an Azure Migrate project. Follow these steps to create an Azure Migrate project.

  1. Sign in to your Azure account, search Azure Migrate, and open the resource.
  2. On the Getting started tab, click discover, assess, migrate in the Servers, databases and web apps section. After that, click Create project.
  3. Then, on the Create project window, select the subscription and resource group (RG) to create the project under. Then, enter a name and select the Azure region to create the project.
     If you do not have an existing RG or want to create a new one, click Create new under the Resource group drop-down.
  4. After entering the details, click Create, then wait for the project to be deployed. When the project is fully created, proceed to Task 7 below.
     Note that the Azure Migrate project has two sections: (1) Azure Migrate: Discovery and assessment and (2) Migration and modernization.

Task 7: Download the Appliance’s OVA File

Task 7.1: Generate the Project Key

  1. On the Azure Migrate: Discovery and assessment section of the Azure Migrate project, click the Discover drop-down and choose Using appliance.
  2. Then, click the Are your servers virtualized? drop-down and choose Yes, with VMware vSphere hypervisor.
  3. After that, on the 1: Generate project key, enter a name for the VMware appliance in the Name your appliance field, then click Generate key.

     When you click Generate key, Azure will start creating the required Azure resources – DO NOT close the window while the resources are being created.

     Azure creates two resources – a Recovery Services vault and a Key vault – in the region you created the resource group.
  4. When Azure finishes creating the resources, it will generate the project key. Copy the key and save it in a file.

Task 7.2: Download the OVF File

To download the Azure Migrate Discovery appliance VM OVF file, choose the “.OVA file” option in 2: Download Azure Migrate appliance and click the download link.

Task 7.3: Verify the OVF File

After downloading the OVF file, before importing it to your vCenter server, verify the file’s integrity using these steps:

  1. Open Command Prompt as administrator. Then, run the command below to generate the hash for the downloaded OVA file.

     CertUtil -HashFile <file_location> <hashing_algorithm>

     I ran the command below to generate the hash for my OVA file.

     CertUtil -HashFile "D:\Azure Migrate\MicrosoftAzureMigration.ova" SHA256
  2. Note the hash and compare it to the hash for the latest OVA file. The first screenshot below shows the hash from the previous link – the latest OVA file as of September 2024 when I wrote this guide.

     Meanwhile, the second screenshot shows the hash of my downloaded OVA file. The hashes of the two files are the same, so my downloaded file is safe!
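
The comparison in step 2 can be scripted so that it does not depend on reading two 64-character strings by eye. The following is an added example, not part of the original guide: it uses PowerShell's Get-FileHash instead of CertUtil, `Test-OvaHash` is a hypothetical helper name, and the demonstration file is constructed so the block runs offline.

```powershell
# Added example (not from the original guide).
# Compares a file's SHA256 with a published value and reports the result.
function Test-OvaHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )

    # Published hashes may be pasted with spaces, colons or mixed case
    # (some CertUtil builds print "ab cd ef ..."), so normalise first.
    $expected = ($ExpectedSha256 -replace '[\s:]', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw 'Expected value is not a 64-character SHA256 hex string.'
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToUpperInvariant()

    [pscustomobject]@{
        Path     = $Path
        Expected = $expected
        Actual   = $actual
        Match    = ($actual -eq $expected)
    }
}

# --- Constructed demonstration: a small temp file stands in for the OVA ---
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-sample.ova'
Set-Content -LiteralPath $sample -Value 'constructed test content, not a real appliance' -NoNewline

# Simulate a published hash written in lower case with CertUtil-style spacing.
$reference = (Get-FileHash -LiteralPath $sample -Algorithm SHA256).Hash
$published = ($reference.ToLowerInvariant() -replace '(..)', '$1 ').Trim()

$untouched = Test-OvaHash -Path $sample -ExpectedSha256 $published

# Simulate a download that was altered after the hash was published.
Add-Content -LiteralPath $sample -Value 'x'
$altered = Test-OvaHash -Path $sample -ExpectedSha256 $published

$untouched, $altered | Format-Table Match, Actual -AutoSize
Remove-Item -LiteralPath $sample

# Real use: paste the SHA256 published for the latest OVA in place of the placeholder.
# $r = Test-OvaHash -Path 'D:\Azure Migrate\MicrosoftAzureMigration.ova' -ExpectedSha256 '<published-sha256>'
# if (-not $r.Match) { throw 'Hash mismatch: do not deploy this OVA.' }
```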

Task 8: Set Up the Appliance in vCenter

Task 8.1: Configure the Appliance in vCenter

  1. Sign in to vCenter with an account that has the permission to create VMs using OVA files.
  2. After that, upload the OVA file into vCenter, then wait for the file to upload.
  3. Once the OVA file is uploaded to vCenter, right-click the vCenter location you want to deploy the OVA file and choose Deploy OVF Template.
  4. Then, on the first page of the wizard, choose the second option and use the UPLOAD FILES button to select the OVA file from the folder you saved it in on your computer. Once the file is verified, click Next.
  5. Give the Azure Appliance a name and select the vCenter location to deploy it – I’m deploying mine in my vCenter cluster. After the compatibility test, click Next again to progress to the next stage.
  6. After that, wait for vCenter to display information about the template, then click Next.
  7. Finally, select the datastore, VM Network, and click FINISH to deploy the Azure Migrate VM appliance. Wait for the appliance to be set up in vCenter.

The Azure Migrate appliance is assigned 32 GB of RAM and 4 CPUs.

Since I’m running this migration in my home lab – the vCenter server does not have up to 32 GB – I modified the appliance’s VM RAM to 8 GB and 2 vCPUs.

Task 8.2: Configure the Appliance

  1. Power up the Azure Migrate appliance. Then, click on it to open the console.
  2. On the VM’s console, accept the license agreement, and set a password for the local administrator account. The server will be assigned an IP address by your DHCP server.

     However, to be able to access the appliance from a consistent IP address, log in to the VM with the local administrator account and assign it a static IP address.

     If you want to access the appliance via its name instead of IP address, create a host A record. I will be managing mine via its IP address.
  3. From a browser on any PC that can reach the Azure Migrate VM appliance’s IP address, open its IP on port 44368.

     https://192.168.0.116:44368/

     The browser will display a warning; click Advanced and proceed. Then, sign in with the local administrator credentials of the appliance.
  4. Once you sign in, accept the Azure Migrate licence agreement. After that, the appliance will test its connection to, and time sync with, Azure.

Task 8.3: Register the Appliance in Azure Migrate

To register the vCenter appliance with Azure, follow these steps:

  1. Enter the project key you copied in Task 7.1, step 4 in the registration field, and click Verify. The key will be verified, and the appliance will initiate an auto-update. According to the notes, this may take up to 5 minutes.
     If you did not save the project key earlier, follow my numbering in screenshots 3-6 below.
  2. When the appliance auto-update is completed, the login button will be activated. Sign in to your account by clicking the Login button.
     Sign in with the Azure account you created for migration purposes in Tasks 3.1 and 3.2. If the auto-update takes more than 5 minutes, wait as it may take longer than that.
  3. Then, from the pop-up, click Copy code and login.
  4. Paste the code and click Next.
  5. Then, sign in to Azure with the account you created for the migration. After signing in, wait for the appliance to register in Azure.
     If required, after signing in, follow the steps to download the Microsoft Authenticator app and set up 2FA.

     If the appliance registration fails, click the error details, wait about 5 minutes, and then click Re-try.
  6. When the appliance is successfully registered to Azure, download and install the VMware Virtual Disk Development Kit.
     The link required to download the VMware Virtual Disk Development Kit requires a Broadcom partner account. Since I was deploying in a home lab, I do not have a Broadcom partner account. I downloaded the file from here (download the .zip file).
  7. After downloading the file, extracting the zip, and copying them to C:\Program Files\VMware\VMware Virtual Disk Development Kit, click Verify.

All sections of 1. Set up prerequisites should now be green. Progress to Task 9.

Task 9: Start Azure Migrate Continuous Discovery

Task 9.1: Set up vCenter Server Details

  1. Scroll to 2. Manage credentials and discovery sources section. Then, in Step 1: Provide vCenter Server credentials for discovery of VMware VMs, click Add Credentials.
  2. Then, on the pop-up window, enter the local vCenter account you created in Task 4.1 and click Save.
  3. Then, in Step 2: Provide vCenter Server details, select Add discovery source. After that, enter the vCenter server’s FQDN or IP address and click Save.

     The Azure Migrate Discovery appliance will validate the vCenter and, if successful, the status will display “Validation successful.”

Task 9.2: Configure Server Credentials

  1. In Step 3: Provide server credentials to perform software inventory, agentless dependency analysis, discovery of SQL Server instances and databases and discovery of web apps in your VMware environment, click Add credentials.
  2. Then, in the Add credential pop-up, select the type, enter the details, and click Save.
     In this section, you can provide multiple server credentials. In the second screenshot below, I provided the Windows Domain account credentials I created in Task 4.2. As shown in the first screenshot, you can add Linux, SQL, and Windows local credentials.

Once all these tasks are completed, opening the project in Azure displays the current state of the service health.

Task 9.3: Start VMware VM Discovery

To start discovering vCenter VM workloads, click Start discovery and wait for the discovery to complete.

The discovery should take between 20-25 minutes. When it is completed, the Discovery status should show a green tick and you can view the discovered inventory in Azure.

Task 9.4: View Discovered VMware Data

To view the vCenter discovered inventory in Azure, follow these steps:

  1. Sign in to Azure, search Azure Migrate and open the resource. After that, expand Migration goals and select Servers, databases and web apps.

     The Azure Migrate: Discovery and assessment should show the number of discovered servers.

  2. To view the discovered servers, click on the number.

     My home lab vCenter environment has 3 servers – a Domain Controller (IPMvDC1), the Azure Migrate appliance VM (IPMvAzureAp) and the vCenter Server (IPMvVCSA1).

     The only VM relevant for my migration is the DC. As seen in the above screenshot, the Azure Migrate discovery tool found 9 apps in the Domain Controller.

  3. To view the discovered applications and the roles and features installed on the server, click the application hyperlink.

     Finally, to view the Windows Server roles installed on the server, click the Roles and features tab.

This is a simplified scenario compared to a real-world environment that may include Linux servers, SQL, other database servers and other applications. However, by following this guide, you should have completed the discovery phase of the Azure Migrate process.

To learn more, read how discovery works.

With the discovery stage completed, proceed to part 2 of this guide, assessing discovered VMs.

About the Author

Victor Ashiedu

Victor is the founder of InfoPress Media, publishers of Ilifeguides and Itechguides. With 20+ years of experience in IT infrastructure, his expertise spans Windows, Linux, and DevOps. Explore his contributions on Itechguides.com for insightful how-to guides and product reviews.

Related Articles

Get in Touch

We're committed to writing accurate content that informs and educates. To learn more, read our Content Writing Policy, Content Review Policy, Anti-plagiarism Policy, and About Us.

However, if this content does not meet your expectations, kindly reach out to us through one of the following means:

  1. Respond to "Was this page helpful?" above
  2. Leave a comment with the "Leave a Comment" form below
  3. Email us at [email protected] or via the Contact Us page.

How to Migrate VMware VMs to Azure (1): Discover VMware VMs

Photo of author

By Victor Ashiedu

Published

The first step in migrating VMware VMs to Azure is to discover VMs using the Azure Migrate: Discovery and Assessment tool.

Overview of the Discovery and Assessment Tool

The Azure Migrate: Discovery and assessment tool is an Azure appliance you deploy in vCenter. When you deploy it, it continuously discovers VMware VM workloads and gathers performance information.

Specifically, this lightweight Azure Migrate tool gathers information about VM performance, applications running on the VMs servers, their dependencies, and databases.

Deploying this tool is the first step in preparing your VMware environment for a successful migration to Azure Cloud. In the remaining tasks in this guide, I’ll walk you through the steps to review the requirements for deploying this tool.

There are also steps to prepare your Azure account and VMware environment, deploy the Azure Migrate: Discovery and assessment tool appliance in vCenter, and initiate the discovery.

To complete the tasks in this guide, you need an Azure account. If you don’t have one, create a free one.

Let’s get this started!

Task 1: Configure Site-to-site VPN

Whenever I perform an on-premises VM to Azure migration, I first set up a site-to-site (S2S) VPN connection from the on-premises site to the Azure vNET, where the VMs will be migrated.

This is because, during the migration process, VMs you migrate to Azure can work with on-prem VMs that have yet to be migrated.

For example, migrating one VM to Azure first may be more efficient if you have a database and an app hosted in two VMs. In this scenario, you may not have enough windows to change both VMs on the same day.

So, say you move the database VM first. After the move, you can configure the app to continue using the migrated database VM. However, this would be impossible if you do not have a VPN connection to Azure.

Another great example is migrating Domain Controllers. You will likely be unable to migrate all your DCs to Azure in one change window.

If this happens, migrated DCs will continue replicating with on-prem DCs using the S2S VPN connection.

So, before proceeding with task 2 below, I strongly recommend creating a site-to-site VPN (complete steps 1 to 9) connection between your on-prem and Azure virtual network.

Task 2: Review the Discovery Prerequisites

Use the table below to ensure your environment meets the requirements for deploying the Azure Migrate: Discovery and assessment tool.

S/NvCenter Server and ESXi hostRequirement
1VMware VMsIt supports discovering the performance, configuration data, and apps on all Windows and Linux versions. Read about supported OS versions.

To discover installed apps, all VMware VMs must run VMware Tools (version 10.2.1 or later), and Windows Servers must run Windows PowerShell 2.0 or higher.

Use these links to read about supported SQL Server versions and configuration, SQL authentication, and supported web apps in Windows OS and IIS versions, supported Linux OS and Tomcat versions.
2Permissions for SQL Server accessThe Windows or SQL account must meet the Azure migrate discovery tool requirements to discover Microsoft SQL Server instances and databases.

You can use these steps to set up the SQL account that meets the requirements.
3vCenter Serve and ESXi hostYour vCenter server must be on version 5.5, 6.0, 6.5, 7.0, or 8.0. Similarly, ESXi hosts must be version 5.5 or higher.

The vCenter server and ESXi hosts must also allow inbound TCP port 443.
4Azure Migrate applianceYour vCenter server should have 32 GB of RAM, 8 vCPUs, and approximately 80 GB of disk storage to support the Azure Migrate appliance. It must also have an external virtual switch and an internet connection.
Table 1.0

Before moving on, based on the information in the table above, confirm the following and remediate any issues:

  1. Your vCenter server has at least 32 GB of RAM, 8 vCPUs, and 80 GB of storage.
  2. Also, check that the vCenter server has an external virtual switch and access to the internet.
  3. Check that port 443 is open on the vCenter server and all ESXi hosts it manages.
  4. Confirm that your vCenter server is running at least version 5.5
  5. Review the Windows, Linux, and SQL server requirements using the links provided in Table 1.0

Task 3: Prep the Azure Account

Later in this guide, you’ll create an Azure Migrate project and register an Azure Migrate appliance. To perform these tasks, you require an Azure account with the permissions detailed in the table below.

S/NPermissionReason for permission
1Contributor or Owner at Azure SubscriptionTo create an Azure Key Vault, which is required during agentless server migration.
2Application.ReadWrite.All permissionRequired to register an application in Microsoft Entra

If you created the Azure account you’re using for this project, your account will be assigned “Owner” permission at the subscription level.

If you created the Azure account you're using for this project, your account will be assigned "Owner" permission at the subscription level.

You could use this account to migrate in a lab or test environment. However, security best practices require applying the principle of least privilege for production migration.

I strongly recommend creating another Azure account dedicated to the migration project to meet this requirement. In the following sub-tasks, I have explained how to create an Azure account and grant it the least privileges required for the migration.

Task 3.1: Create an Azure Account

  1. Search for and open Microsoft Entra ID. Then, click +Add > Users > Create new user.
Then, click +Add > Users > Create new user.
  1. On the new account window, complete the required fields and click Review + create. Then, click Create.
On the new account window, complete the required fields and click Review + create - then, click Create.

Task 3.2: Grant the Account the Required Permissions

Run the following PowerShell commands from Azure Cloud Shell to grant the account the “Contributor” role on your subscription. The “Application Administrator” role in Microsoft Entra is granted from the portal, as described after the commands.

#1. Get the user's ID

$userID = (Get-AzADUser -UserPrincipalName <[email protected]>).Id

#2. Get the Azure Subscription Id - change AZ-100 to the first few characters of the subscription name

$subscriptionId = (Get-AzSubscription | Where-Object {$_.Name -like "*AZ-100*"}).Id

#3. Assign the Contributor role to the user in the subscription

$roleDefinition = Get-AzRoleDefinition -Name "Contributor"
New-AzRoleAssignment -ObjectId $userID -RoleDefinitionId $roleDefinition.Id -Scope "/subscriptions/$subscriptionId"

To grant the user the “Application Administrator” role, open the user’s properties in Microsoft Entra ID, click “Assigned roles,” check “Application Administrator,” and finally, click the Add button.

Before proceeding, confirm that the user has the “Contributor” role in the subscription.
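
One way to run this check from Azure Cloud Shell, and to catch the account holding more than this guide grants, is shown below. It is an added example, not part of the original guide: the function name Test-MigrationAccountRoles is hypothetical, the sample assignments and subscription ID are constructed, and live input would come from Get-AzRoleAssignment.

```powershell
# Added example: audit the migration account's Azure RBAC assignments.
# Test-MigrationAccountRoles is a hypothetical helper, not an Az cmdlet.
function Test-MigrationAccountRoles {
    param(
        [object[]] $Assignments = @(),          # objects exposing RoleDefinitionName and Scope
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [string] $ExpectedRole = 'Contributor'
    )

    # Drop nulls so an account with no assignments is reported as MISSING, not as an error.
    $Assignments = @($Assignments | Where-Object { $_ })
    $subScope    = "/subscriptions/$SubscriptionId"
    $findings    = [System.Collections.Generic.List[string]]::new()

    # 1. The role granted in Task 3.2 must exist at exactly the subscription scope.
    $expected = $Assignments | Where-Object {
        $_.RoleDefinitionName -eq $ExpectedRole -and $_.Scope -eq $subScope
    }
    if (-not $expected) {
        $findings.Add("MISSING: $ExpectedRole at $subScope")
    }

    foreach ($a in $Assignments) {
        # 2. Any other role (for example Owner) is more than the guide grants.
        if ($a.RoleDefinitionName -ne $ExpectedRole) {
            $findings.Add("EXTRA ROLE: $($a.RoleDefinitionName) at $($a.Scope)")
            continue
        }
        # 3. The expected role outside this subscription (root, a management
        #    group, another subscription) widens the account's reach.
        $inside = $a.Scope -eq $subScope -or
                  $a.Scope.StartsWith("$subScope/", [System.StringComparison]::OrdinalIgnoreCase)
        if (-not $inside) {
            $findings.Add("OUT OF SCOPE: $($a.RoleDefinitionName) at $($a.Scope)")
        }
    }

    $findings   # empty output means the account holds only the expected role
}

# Constructed sample shaped like Get-AzRoleAssignment output (placeholder subscription ID).
$subId  = '00000000-0000-0000-0000-000000000000'
$sample = @(
    [pscustomobject]@{ RoleDefinitionName = 'Contributor'; Scope = "/subscriptions/$subId" }
    [pscustomobject]@{ RoleDefinitionName = 'Owner';       Scope = "/subscriptions/$subId" }
)
Test-MigrationAccountRoles -Assignments $sample -SubscriptionId $subId

# Against the live subscription, reusing $userID and $subscriptionId from Task 3.2:
# Test-MigrationAccountRoles -Assignments (Get-AzRoleAssignment -ObjectId $userID) -SubscriptionId $subscriptionId
```

Microsoft Entra directory roles such as “Application Administrator” are not Azure RBAC assignments, so they do not appear in this output and are checked on the user's Assigned roles page instead.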

Task 4: Create VMware and Server Accounts

The Azure Migrate discovery appliance is a VMware appliance you deploy in vCenter. You require a vCenter account with these permissions to deploy it.

Similarly, Azure Migrate needs a read-only vCenter account to discover VMware VMs (servers). Finally, to allow Azure Migrate to discover installed applications and perform agentless dependency analysis on VMware servers, enable the Guest operations privilege on the account.

Azure Migrate also requires a local or domain account with local administrator permission on Windows servers and, on Linux servers, a sudo user account with permissions to execute the ls and netstat commands.

Based on the abovementioned requirements, I will create a local vCenter account with these permissions. This account will be used for OVF deployment and agentless discovery.

Similarly, I will create a domain account – my test environment is a Windows environment – and add the account to the local administrators group on the VMware VMs running Windows Server.

Task 4.1: Create a Local vCenter Account

In this sub-task, I’ll create a vCenter user and add the account to the vCenter local administrators group.

  1. Sign in to vCenter via a browser, click the menu, and choose Administrator.
  2. Then, on the Single Sign On section, click Users and Groups, then click ADD under the Users tab.
  3. Enter the account details and click ADD.
  4. To add the newly created user to the Administrators group, click Global Permissions under Access Control, then click ADD. After that, select the options in my second screenshot below and click OK.

Before moving on to Task 4.2, confirm that the account is in the list.

Task 4.2: Create a Windows Domain Account

Open PowerShell as administrator and run these commands. Run #1 and #2 on a Domain Controller and #3 on the Windows VMware VM. If the VMware VM is a Domain Controller, run command #4 to add the user to the domain’s administrators group.

#1. Set the variables - change the $ADLocation variable to the DN of the OU in which you want to create the account

$Username = 'azure-mig-dsad'
$ADLocation = 'OU=Service Accounts,DC=lab,DC=infopressmedia,DC=com'

$Credential = (Get-Credential -UserName $Username -Message "Enter the password for the $Username")

#2. Create the user

New-ADUser -Name $Username -Path $ADLocation -PasswordNeverExpires $true -AccountPassword $Credential.Password -Enabled $true

#3. Add the Windows domain account to the Windows VMware VM's local administrators group - run this command on each Windows VMware VM

Add-LocalGroupMember -Group "Administrators" -Member "lab\azure-mig-dsad"

#4. Add the Windows domain account to the Windows domain administrators group

Add-ADGroupMember -Identity "Administrators" -Members azure-mig-dsad

If you have Linux Servers in your VMware environment, see the Linux servers section in Create an account to access servers.

Task 5: Install VMware Tools

The Azure Migrate agentless migration uses VMware Tools to discover applications installed on the VMware servers you’re migrating. So, it is important to confirm that the latest VMware Tools are installed on all VMs you intend to migrate.

Agentless dependency analysis will fail if a VM is not running VMware Tools.

Task 6: Create an Azure Migrate Project

Now that you’ve prepared the VMware environment, it is time to create an Azure Migrate project. Follow these steps to create one.

  1. Sign in to your Azure account, search Azure Migrate, and open the resource.
  2. On the Getting started tab, click discover, assess, migrate in the Servers, databases and web apps section. After that, click Create project.
  3. Then, on the Create project window, select the subscription and resource group (RG) to create the project under. Then, enter a name and select the Azure region to create the project.
     If you do not have an existing RG or want to create a new one, click Create new under the Resource group drop-down.
  4. After entering the details, click Create, then wait for the project to be deployed. When the project is fully created, proceed to Task 7 below.
     Note that the Azure Migrate project has two sections: 1, Azure Migrate: Discovery and assessment and 2, Migration and modernization.

Task 7: Download the Appliance’s OVA File

Task 7.1: Generate the Project Key

  1. On the Azure Migrate: Discovery and assessment section of the Azure Migrate project, click the Discover drop-down and choose Using appliance.
  2. Then, click the Are your servers virtualized? drop-down and choose Yes, with VMware vSphere hypervisor.
  3. After that, in 1: Generate project key, enter a name for the VMware appliance in the Name your appliance field, then click Generate key.

     When you click Generate key, Azure will start creating the required Azure resources – DO NOT close the window while the resources are being created.

     Azure creates two resources – a Recovery Services vault and a Key vault – in the region where you created the resource group.
  4. When Azure finishes creating the resources, it will generate the project key. Copy the key and save it in a file.

Task 7.2: Download the OVF File

To download the Azure Migrate Discovery appliance VM OVF file, choose the “.OVA file” option in 2: Download Azure Migrate appliance and click the download link.

Task 7.3: Verify the OVF File

After downloading the OVF file, before importing it to your vCenter server, verify the file’s security using these steps:

  1. Open Command Prompt as administrator. Then, run the command below to generate the hash for the downloaded OVA file.

     CertUtil -HashFile <file_location> <hashing_algorithm>

     I ran the command below to generate the hash for my OVA file.

     CertUtil -HashFile "D:\Azure Migrate\MicrosoftAzureMigration.ova" SHA256
  2. Note the hash and compare it to the hash for the latest OVA file. The first screenshot below shows the hash from the previous link – the latest OVA file as of September 2024 when I wrote this guide.

     Meanwhile, the second screenshot shows the hash of my downloaded OVA file. The hashes of the two files are the same, so my downloaded file is safe!
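
Comparing two 64-character strings by eye across screenshots is easy to get wrong, so the comparison in step 2 can be scripted so that it fails closed. The following is an added example, not part of the original guide: Test-FileSha256 is a hypothetical helper built on the built-in Get-FileHash cmdlet, the self-check file is constructed, and the published hash is left as a placeholder because its value is not reproduced on this page.

```powershell
# Added example: fail-closed SHA256 comparison for the downloaded appliance file.
# Test-FileSha256 is a hypothetical helper; Get-FileHash is the built-in cmdlet.
function Test-FileSha256 {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedHash   # value copied from the published hash
    )

    # Normalise the pasted value: some tools (older CertUtil builds included)
    # print the hash with spaces, and copy/paste can add line breaks.
    $expected = ($ExpectedHash -replace '[\s-]', '').ToUpperInvariant()

    # Reject anything that is not a full SHA256 value, so a truncated or
    # empty paste can never count as a match.
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw 'Expected hash is not a 64-character SHA256 hex string.'
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToUpperInvariant()

    [pscustomobject]@{
        Path     = $Path
        Expected = $expected
        Actual   = $actual
        Match    = ($actual -ceq $expected)
    }
}

# Self-check on a constructed file: the three bytes "abc" have a well-known SHA256 value.
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'hash-selfcheck.bin'
[System.IO.File]::WriteAllBytes($tmp, [System.Text.Encoding]::ASCII.GetBytes('abc'))
$abc = 'ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad'

(Test-FileSha256 -Path $tmp -ExpectedHash $abc).Match                            # correct value
(Test-FileSha256 -Path $tmp -ExpectedHash ($abc -replace '^ba78', '0000')).Match # altered value
Remove-Item -LiteralPath $tmp

# For the appliance, replace the placeholder with the published hash for the latest OVA file:
# $result = Test-FileSha256 -Path 'D:\Azure Migrate\MicrosoftAzureMigration.ova' -ExpectedHash '<published SHA256>'
# if (-not $result.Match) { throw 'Hash mismatch - do not import this OVA.' }
```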

Task 8: Set Up the Appliance in vCenter

Task 8.1: Configure the Appliance in vCenter

  1. Sign in to vCenter with an account that has the permission to create VMs using OVA files.
  2. After that, upload the OVA file into vCenter, then wait for the file to upload.
  3. Once the OVA file is uploaded to vCenter, right-click the vCenter location where you want to deploy the OVA file and choose Deploy OVF Template.
  4. Then, on the first page of the wizard, choose the second option and use the UPLOAD FILES button to select the OVA file from the folder where you saved it on your computer. Once the file is verified, click Next.
  5. Give the Azure appliance a name and select the vCenter location to deploy it – I’m deploying mine in my vCenter cluster. After the compatibility test, click Next again to progress to the next stage.
  6. After that, wait for vCenter to display information about the template, then click Next.
  7. Finally, select the datastore and VM Network, and click FINISH to deploy the Azure Migrate VM appliance. Wait for the appliance to be set up in vCenter.

The Azure Migrate appliance is assigned 32 GB of RAM and 4 CPUs.

Since I’m running this migration in my home lab, where the vCenter server does not have up to 32 GB, I changed the appliance VM to 8 GB of RAM and 2 vCPUs.

Task 8.2: Configure the Appliance

  1. Power up the Azure Migrate appliance. Then, click on it to open the console.
  2. On the VM’s console, accept the license agreement, and set a password for the local administrator account. The server will be assigned an IP address by your DHCP server.

     However, to be able to access the appliance from a consistent IP address, log in to the VM with the local administrator account and assign it a static IP address.

     If you want to access the appliance via its name instead of IP address, create a host A record. I will be managing mine via its IP address.

  3. From a browser on any PC that can reach the Azure Migrate VM appliance’s IP address, open its IP on port 44368.

     https://192.168.0.116:44368/

     The browser will display a warning; click Advanced and proceed. Then, sign in with the local administrator credentials of the appliance.
  4. Once you sign in, accept the Azure Migrate licence agreement. After that, the appliance will test its connection to, and time sync with, Azure.

Task 8.3: Register the Appliance in Azure Migrate

To register the vCenter appliance with Azure, follow these steps:

  1. Enter the project key you copied in Task 7.1 in the registration field, and click Verify. The key will be verified, and the appliance will initiate an auto-update. According to the notes, this may take up to 5 minutes.
     If you did not save the project key earlier, follow my numbering in screenshots 3-6 below.
  2. When the appliance auto-update is completed, the Login button will be activated. Sign in to your account by clicking the Login button.
     Sign in with the Azure account you created for migration purposes in Tasks 3.1 and 3.2. If the auto-update takes more than 5 minutes, wait as it may take longer than that.
  3. Then, from the pop-up, click Copy code and login.
  4. Paste the code and click Next.
  5. Then, sign in to Azure with the account you created for the migration. After signing in, wait for the appliance to register in Azure.
     If required, after signing in, follow the steps to download the Microsoft Authenticator app and set up 2FA.

     If the appliance registration fails, click the error details, wait about 5 minutes, and then click Re-try.

  6. When the appliance is successfully registered to Azure, download and install the VMware Virtual Disk Development Kit.
     The link required to download the VMware Virtual Disk Development Kit requires a Broadcom partner account. Since I was deploying in a home lab, I do not have a Broadcom partner account. I downloaded the file from here (download the .zip file).
  7. After downloading the file, extracting the zip, and copying the files to C:\Program Files\VMware\VMware Virtual Disk Development Kit, click Verify.

All sections of 1. Set up prerequisites should now be green. Progress to Task 9.

Task 9: Start Azure Migrate Continuous Discovery

Task 9.1: Set up vCenter Server Details

  1. Scroll to the 2. Manage credentials and discovery sources section. Then, in Step 1: Provide vCenter Server credentials for discovery of VMware VMs, click Add Credentials.
  2. Then, on the pop-up window, enter the local vCenter account you created in Task 4.1 and click Save.
  3. Then, in Step 2: Provide vCenter Server details, select Add discovery source. After that, enter the vCenter server’s FQDN or IP address and click Save.

     The Azure Migrate Discovery appliance will validate the vCenter and, if successful, the status will display “Validation successful.”

Task 9.2: Configure Server Credentials

  1. In Step 3: Provide server credentials to perform software inventory, agentless dependency analysis, discovery of SQL Server instances and databases and discovery of web apps in your VMware environment., click Add credentials.
  2. Then, in the Add credential pop-up, select the type, enter the details, and click Save.
     In this section, you can provide multiple server credentials. In the second screenshot below, I provided the Windows Domain account credentials I created in Task 4.2. As shown in the first screenshot, you can add Linux, SQL, and Windows local credentials.

Once all these tasks are completed, opening the project in Azure displays the current state of the service health.

Task 9.3: Start VMware VM Discovery

To start discovering vCenter VM workloads, click Start discovery and wait for the discovery to complete.

The discovery should take between 20 and 25 minutes. When it is completed, the Discovery status should show a green tick and you can view the discovered inventory in Azure.

Task 9.4: View Discovered VMware Data

To view the vCenter discovered inventory in Azure, follow these steps:

  1. Sign in to Azure, search Azure Migrate and open the resource. After that, expand Migration goals and select Servers, databases and web apps.

     The Azure Migrate: Discovery and assessment should show the number of discovered servers.

  2. To view the discovered servers, click on the number.

     My home lab vCenter environment has 3 servers – a Domain Controller (IPMvDC1), the Azure Migrate appliance VM (IPMvAzureAp) and the vCenter Server (IPMvVCSA1).

     The only VM relevant for my migration is the DC. As seen in the above screenshot, the Azure Migrate discovery tool found 9 apps in the Domain Controller.

  3. To view the discovered applications and the roles and features installed on the server, click the application hyperlink.

     Finally, to view the Windows Server roles installed on the server, click the Roles and features tab.

This is a simplified scenario compared to a real-world environment that may include Linux servers, SQL, other database servers and other applications. However, by following this guide, you should have completed the discovery phase of the Azure Migrate process.

To learn more, read how discovery works.

With the discovery stage completed, proceed to part 2 of this guide, assessing discovered VMs.

About the Author

Victor Ashiedu

Victor is the founder of InfoPress Media, publishers of Ilifeguides and Itechguides. With 20+ years of experience in IT infrastructure, his expertise spans Windows, Linux, and DevOps. Explore his contributions on Itechguides.com for insightful how-to guides and product reviews.
