By Nic Fragale, Sr. Sales Engineer and Solutions Architect at NetFoundry
By Erico Penna, Sr. Partner Solutions Architect at AWS
Cloud-hosted applications can help organizations realize cost savings by reducing total cost of ownership (TCO). They can also help you increase staff productivity, improve operational resilience by leveraging Amazon Web Services (AWS) global infrastructure, and achieve business agility by “getting to revenue” faster while reducing infrastructure overhead.
Cloud migration introduces challenges for network systems, however. The network configurations designed for on-premises usually don’t work well for the cloud.
Traditional methods of cloud connectivity that use private circuitry, virtual private networking (VPN) technologies, and dedicated MPLS connections are cumbersome, expensive, and can take months to deploy.
Much like how cloud implements software-defined and API-based services to deliver agility and scalability for infrastructure, cloud applications require networking that delivers agility, scalable performance on a global basis, and has next-generation security capabilities designed in.
NetFoundry implements cloud-based orchestration and APIs to instantly spin up and manage Zero Trust, performant, edge-to-cloud networks over the internet.
NetFoundry, an AWS Advanced Technology Partner, is collaborating with CloudEndure Migration to accelerate the entire application migration process to AWS. The NetFoundry Zero Trust platform optimizes network throughput performance for CloudEndure migrations.
CloudEndure streamlines application migrations with automation and orchestration to convert your physical or virtual servers from their source infrastructure to AWS.
In this post, you will see how the combined NetFoundry and CloudEndure Migration solution achieves a 23.5 percent to 79.2 percent reduction in the time required to migrate versus a baseline in four different scenarios. Keep in mind that many factors influence the performance of data movement over a network, such as latency, capacity of bandwidth, congestion, routing challenges, and others.
You’ll see NetFoundry and CloudEndure Migration components, architecture, how they integrate with each other, and how to set up each system.
About CloudEndure Migration
CloudEndure Migration simplifies, expedites, and automates migrations from physical, virtual, and cloud-based infrastructure to AWS.
If you’re looking to quickly rehost a large number of machines to AWS, you can use CloudEndure Migration without worrying about compatibility, performance disruption, or long cutover windows. Any re-architecture that needs to be done can be performed more easily after your machines are running on AWS.
CloudEndure Migration continually replicates your source machines into a staging area in your AWS account, without causing downtime or impacting performance. When you are ready to launch the production machines, CloudEndure Migration automatically converts your machines from their source infrastructure into the AWS infrastructure so they can boot and run natively on AWS.
You can migrate all applications and databases that run on Windows Server versions 2003/2008/2012/2016/2019 and Linux distributions, such as CentOS, RHEL, OEL, SUSE, Ubuntu, and Debian. CloudEndure Migration supports common databases, including Oracle and SQL Server, as well as enterprise applications such as SAP.
CloudEndure Migration components:
- CloudEndure Migration Service (Console) – Web-based orchestrator. The administrator has options as to how migration is to be performed, including mass instruction through API interaction, a “blueprint” for how the orchestration occurs, and the ability to migrate via internet or VPN/AWS Direct Connect.
- CloudEndure Migration Client Agent – Software on an endpoint operating system (OS) that block-copies local disks and securely migrates the operating system and data to AWS.
- CloudEndure Migration Replication Server – Software instance created on-demand by the service in the target AWS location that receives the migrated data from the CloudEndure Migration Client Agent and stores it in Amazon Elastic Block Storage (EBS) volumes.
NetFoundry is a leader in application-specific networking, enabling businesses to instantly connect distributed applications with ease and simplicity. The NetFoundry platform tackles the challenges of speed to migrate to AWS with Network-as-a-Service (NaaS) orchestration of a dynamic high-performance global networking fabric.
Application-specific segmentation across this global cloud fabric is created through a methodology called AppWANs.
Media outlets have coined the phrase Secure Access Secure Edge, or SASE, to describe what is accomplished by a NetFoundry AppWAN. This enables organizations to quickly spin up and scale out secure, compliant, performant, distributed applications while securing traffic across multiple layers and adaptively optimizing performance and throughput.
Zero Trust networking and enhanced performance are core capabilities provided by the NetFoundry platform.
- NetFoundry Service (Console) – Web-based orchestrator. The administrator has options as to how the network is segmented for access, as well as the ability to programmatically perform all actions through API interaction and automate intelligence for calls to action.
- NetFoundry Client [/Gateway] – Software on an endpoint OS that performs ingress translation into the NetFoundry fabric. This is co-installed with the CloudEndure Migration Client Agent.
- NetFoundry Cloud Gateway – Software image available in AWS Marketplace as an Amazon Machine Image (AMI) that performs egress translation out of the NetFoundry Transit Fabric towards an application service. This software is located where the CloudEndure Migration Replication Server will be created.
- NetFoundry AppWAN – Logical groupings of services (Application IP Hosts or IP Subnets) accessible in the Local Area Network (LAN) of one or more geographically differentiated NetFoundry Cloud Gateways. NetFoundry AppWANs are similar in function to Network Access Control Lists (ACLs) which occur in firewalls, except they are created in the NetFoundry Cloud and enforced at NetFoundry Clients and Gateways.
- NetFoundry Transit Fabric – On-demand data transport network that NetFoundry manages as a service, which customers control via web console and API.
Some of the enhancing features of the access method include:
- 99.99+ percent availability: NetFoundry managed network service is highly resilient and self-healing.
- Resilient, highly available fabric: Multiple tier one providers give all endpoints a set of resilient and robust paths.
- Zero Trust: Endpoints authenticate in the cloud before access is granted at the edges.
- Multi-circuit access: 1+ internet connections aggregate for a unified per-packet large logical circuit.
- Dynamic, real-time routing: Endpoint algorithms choose best paths in real-time (router to router).
- Performance enhancing transports: Endpoints utilize multiple protocols to improve performance.
- Edge to cloud: Routers run on edges, in cores and on clouds, providing maximum route diversity.
- Least privileged access: Each session only has access to specified services, providing app-level micro segmentation and isolation while preventing lateral attacks.
Figure 1 below summarizes the high-level components of NetFoundry’s migration solution.
- The NetFoundry Gateway software endpoints are installed and registered to the customer’s private NetFoundry Network.
- An AppWAN is provisioned to permit access over the NetFoundry Fabric to the IP Host or Subnet within the Amazon Virtual Private Cloud (VPC).
- The endpoints make real-time decisions on how to send and receive data using multiple paths over the NetFoundry Fabric (internet).
Figure 1 – NetFoundry overlay fabric and AppWAN segmented access.
Figure 2 illustrates the detailed interactions between CloudEndure Migration and the NetFoundry networking fabric.
- Data replication is encrypted and compressed by the CloudEndure Migration software.
- Data is sent to the private IP of the Replication Server in the target staging area. The destination will be recognized by the NetFoundry Gateway software and sent to the CloudEndure Replication Server over the NetFoundry Fabric.
- Data exits the NetFoundry Fabric and is sent to the LAN reachable CloudEndure Replication Server for storage.
Figure 2 – CloudEndure Migration with NetFoundry fabric.
The setup of the solution utilizes the CloudEndure Migration console and NetFoundry console. Automation through RESTful APIs are available in both systems for most steps, which reduces the already diminutive preparation time significantly.
Additionally, a NetFoundry Network may exist prior to a CloudEndure migration, or other available services, and be utilized for the purpose of migration when the need arises.
This section covers:
- Configuring NetFoundry
- Configuring AWS CloudEndure Migration
- Basic understanding of IP networking, VPCs, and NetFoundry AppWANs.
- CloudEndure Migration license, available at no cost.
- NetFoundry subscription.
- AWS account, so you can access a VPC in an appropriate region.
- Sign in to the NetFoundry console.
- Click the + button in the upper left corner. Within the dialog, select Add a New Network.
- Click the + button in the upper left corner. Within the dialog, select Add a New AppWAN.
- Click the Cloud Migration AppWAN option.
- Follow the dialog questions to name and identify the involved components of the migration.
- Review the configuration and ensure it’s correct on the final dialog screen. Download software as required.
Configuring CloudEndure Migration Project and Network
- Sign in to the CloudEndure console.
- On the user console, click the + button in the upper left corner.
- On the Create New Project dialog box, set the following, and then click Create Project:
- Project name – Enter a unique name for the project. The name can contain up to 255 characters.
- Project type – Select either Disaster Recovery or Migration.
- Target cloud – CloudEndure exclusively utilizes the AWS Cloud as a target infrastructure.
- License – Select a License Package to associate with your migration project.
- Next, go to Setup & Info and define your Migration Source and Migration Target.
- Select Subnet matching NetFoundry AppWAN.
- Select VPN or Direct Connect… to use the Replication Server’s private IP in the AWS target destination.
Installing NetFoundry and CloudEndure Migration Agent
Download installation programs for NetFoundry Client software and CloudEndure Migration software to the source machine, which can be any CloudEndure Migration supported operating system.
NetFoundry also supports Gateway mode in which multiple CloudEndure Migration software utilizes one or more NetFoundry Gateways in the source LAN.
Install both programs from the command line of the OS. You can automate the process to simplify it:
- Instructions for CloudEndure – Click “Installing the CloudEndure Agents”
- Instructions for NetFoundry – Click “Client & Gateway Endpoints”
When you configured the products, you received a registration code for NetFoundry and an Agent Installation Token for CloudEndure Migration. These registration codes identify the machines involved to the respective Consoles.
After the Migration
When you are finished with the migration, remember to remove your CloudEndure project and NetFoundry AppWAN.
If desired, NetFoundry AppWAN may persist after the migration, for continual replication or other activities which require the source machine to communicate to the destination VPC.
Once migration is complete, you can install NetFoundry Client software on other endpoints, which may be given direct, secure, and highly performant access to the VPC by way of the AppWAN.
Now that you know how to configure the environment, let’s move on to some experiments that illustrate common scenarios that CloudEndure Migration is used for, and how application of NetFoundry enhances the migration.
- Replication size: Size, in gigabytes, of the disk on the source machine that’s being migrated.
- Induced factors: Changes to the transport showing performance of the migration in different situations.
- Native factors: Innate qualities of the transport such as latency and packet loss.
Experiments #1 and #2
For the following outcomes, % Time Decrease is measured with the formula:
[(original_value – new_value)/original_value * 100]
The South Korea experiment emphasized heightened performance for long-distance migrations with an added destructive (lossy) presence. Watch a demo video.
The Oregon to N. Virginia experiment emphasized heightened performance for USA centric (AWS to AWS) migrations. Watch a demo video.
Experiments #3 and #4
For the following outcomes, % Time Decrease is measured with the formula:
[(original_value – new_value)/original_value * 100]
The Oregon to N. Virginia experiment emphasized heightened performance for USA centric (AWS to AWS) migrations when compared with an overlay VPN technology. Watch a demo video.
The last experiment emphasized heightened performance for larger disks for USA centric (AWS to AWS) migrations when compared with an overlay VPN technology. Watch a demo video.
In this post, you learned how to reduce time to ready for a migration. An increase of throughput delivered by the underlying network and transport directly correlates to a reduction of time to ready.
The conclusion we draw from the presence of NetFoundry while performing a CloudEndure Migration is a substantial reduction of time to ready in the range of 23 percent to 79 percent.
CloudEndure Migration natively utilizes many techniques to enhance its own application’s throughput, and the enhancement to the transport network that NetFoundry complements results in an exponential boost to the throughput.
Disclaimer: The performance testing described in this post illustrates common scenarios, and every effort has been taken to ensure testing was conducted using real-world conditions and variables. Many factors affect performance testing and results will vary due to unknown and uncontrollable factors. Performance improvement information provided in this post is provided as general guidelines only. This information in no way represents any form of warranty or guarantee of performance implied or otherwise.
NetFoundry – AWS Partner Spotlight
NetFoundry is an AWS Advanced Technology Partner that is collaborating with CloudEndure Migration to accelerate the application migration process to AWS. The NetFoundry Zero Trust platform optimizes network throughput performance for CloudEndure migrations.
*Already worked with NetFoundry? Rate the Partner
*To review an AWS Partner, you must be a customer that has worked with them directly on a project.