Migration Center
Migration Center
- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
-
New Edition
- Permissions Management
- Settings Management
- Surveys
- Resource Discovery
- Application Management
- Migration Preparations
- Migration Solutions
- Migration Plans
- Migration Clusters
- Migration Workflows
- Big Data Migration (from MaxCompute to DLI)
- Big Data Verification
-
Old Edition
- Permissions Management
- Settings Management
- Migration Surveys
- Resource Discovery
- Application Management
- Big Data Lineage
- Migration Solutions
- Migration Plans
- Migration Clusters
- Migration Workflows
- Big Data Migration
- Big Data Verification
-
New Edition
-
MgC Agent Usage Guide
- MgC Agent Overview
- Downloading and Installing the MgC Agent (Formerly Edge)
- Local Discovery and Collection
- Connecting the MgC Agent to MgC
- Agent-based Discovery
-
Collector-based Discovery
- Creating a Collection Task
- Managing Collectors
-
Configuring Collector Parameters
- Kubernetes Static Collector (app-discovery-k8s)
- Kubernetes Conntrack Collector (app-discovery-k8s-conntrack)
- Kubernetes Pod Network Collector (app-discovery-k8s-pod-net)
- Process and Network Collector (app-discovery-process-netstat)
- Windows Process and Network Collector (app-discovery-process-netstat-win)
- RabbitMQ Collector (app-discovery-rabbitmq)
- Kafka Collector (app-discovery-kafka)
- Eureka Collector (app-discovery-eureka)
- Redis Collector (app-discovery-redis)
- MongoDB Collector (app-discovery-mongodb)
- MySQL-General Log Collector (app-discovery-mysql-generallog)
- MySQL-JDBC Collector (app-discovery-mysql-jdbc)
- Nginx Configuration Collector (app-discovery-nginx)
- Cloud VPC Log Collector (app-discovery-cloud-vpc-log)
- Nacos Collector (app-discovery-nacos)
- Application Configuration Collector (app-discovery-application-config)
- Best Practices
-
FAQs
- What Are the Requirements for the Server for Installing the MgC Agent (Formerly Edge)?
- How Do I Run the MgC Agent in Compatibility Mode?
- What Can I Do If the MgC Agent (Formerly Edge) Is Offline?
- Why Can't the MgC Agent (Formerly Edge) Start After Being Installed?
- How Do I Upgrade the MgC Agent (Formerly Edge) to the Latest Version?
- How Do I Uninstall the MgC Agent (Formerly Edge)?
- How Do I Restart the MgC Agent (Formerly Edge)?
- How Do I Check the Current MgC Agent Version (Formerly Edge)?
- How Do I Obtain Run Logs of the MgC Agent (Formerly Edge) on Linux?
- How Do I Fix the Error "The collector is not installed" When a Discovery Task Fails?
- How Do I Obtain the Hive Metastore Credential Files?
- What Can I Do If the Port Required by the MgC Agent Is Occupied and the Installation Fails?
- What Can I Do If AK/SK Verification Fails?
- How Do I Configure WinRM and Troubleshoot WinRM Connection Problems?
- What Do I Do If the Credential List Is Empty When I Create a Data Connection for Big Data Verification?
-
Best Practices
- Configuring Permissions Required for Server Migration
-
Server Migration
- Network Requirements for Server Migration
- Migrating On-premises Servers to Huawei Cloud
- Migrating Servers from Alibaba Cloud to Huawei Cloud
- One-stop Cross-AZ ECS Migration
- Migrating Servers Across AZs on Huawei Cloud
- Migrating Servers to FlexusX Instances (Original HECS X Instances)
- Keeping Private IP Addresses of Servers Unchanged After the Migration
- Batch Modifying and Restoring the Host Configurations for Linux Source Servers
- Batch Modifying and Restoring the Host Configurations for Windows Source Servers
-
Storage Migration
- Migrating Data from Other Cloud Platforms to Huawei Cloud
- Migrating Data from Multiple Source Buckets by Prefix
- Migrating Archive (Cold) Data
- Migrating Data from SFS 1.0 to SFS 3.0
- Performing a NAS-to-NAS Migration and Service Cutover
- Migrating File Systems in Batches
- Migrating Data from MinIO to Huawei Cloud OBS over HTTP
- Migrating Data from Ceph to Huawei Cloud OBS over HTTP
- Reducing Disk Capacity for Target Servers
- Resizing Disks and Partitions for Target Servers
- Collecting Details of Azure Kubernetes Service (AKS) Resources
- Collecting Details of Google Cloud GKE Resources
- Collecting Details of AWS Container Resources
- Collecting Details of Self-built Oracle Databases
-
Verifying Big Data Consistency After Migration
- Verifying the Consistency of Data Migrated from MaxCompute to DLI
- Verifying the Consistency of Data Migrated Between MRS ClickHouse Clusters
- Verifying the Consistency of Data Migrated from Alibaba Cloud EMR ClickHouse to Huawei Cloud MRS ClickHouse
- Verifying the Consistency of Data Migrated from Alibaba Cloud ApsaraDB for ClickHouse to Huawei Cloud MRS ClickHouse
- Verifying the Consistency of Data Migrated from Alibaba Cloud ApsaraDB for ClickHouse to Huawei Cloud CloudTable ClickHouse
- Verifying the Consistency of Data Migrated Between MRS Doris Clusters
- Verifying the Consistency of Data Migrated Between MRS Doris Clusters or from CDH or EMR to MRS Doris
- Verifying the Consistency of Data Migrated from Alibaba Cloud MaxCompute to Huawei Cloud DLI
- Verifying the Consistency of Data Migrated Between MRS HBase Clusters
- Verifying the Consistency of Data Migrated from Delta Lake (with Metadata) to MRS Delta Lake
- Verifying the Consistency of Data Migrated from Delta Lake (without Metadata) to MRS Delta Lake
- Migrating Big Data Without Using the Internet
- BigData Migration Cockpit
-
FAQs
-
Product Consultation
- How Do I Assign the Permissions Required for Using MgC to IAM Users?
- Where Is MgC Available?
- How Do I Prepare for Using MgC?
- How Do I Fix the Error "Failed to access IAM. Check the current user's IAM permissions"?
- Why Can't I Sign the Privacy Statement and Use MgC?
- How Does MgC Ensure Data Security?
- Does Data Collection Affect My Source Services?
-
Network Settings
- What Can I Do If a Source Server Fails the Migration Readiness Check Because Its IP address or Port Is Unreachable?
- What Can I Do If a Source Server Fails the Migration Readiness Check Because the Username or Password Is Incorrect?
- How Do I Fix the Error "Deliver Command to Edge Failed" When a Source Server Fails the Migration Readiness Check?
- What Can I Do If a Source Server Fails the Migration Readiness Check Due to an Unreachable Port, Incorrect Firewall Settings, or Insufficient Access Permissions?
- What Can I Do If Deep Collection Fails on a Source Server Due to Disabled WinRM or an Unreachable IP Address or Port?
-
Server Migration
- How Do I View the Migration Progress When the Migration Workflow Is in the Running State?
- Why the Workflow Status Is Always "Running"?
- How Do I Fix the Error "Edge is not accessible" When a Step in the Migration Workflow Fails?
- How Do I Fix the Error "Server Require to Bind Credential First..." When the Migration Workflow Fails on a Source Server?
- How Do I Handle Resource Exceptions during a Batch Server Migration?
- What Are the Known Errors Related to Server Migration Workflows and How Can I Fix Them?
- What Can I Do If an Error Occurs During the Migration of a VMware Server?
- What Are the Information Mappings Between MgC and SMS?
- Why Is the Migration Progress Inconsistent Between MgC and SMS?
- What Do I Do If I Use a sudo User to Migrate a Source Server and the Server Fails the Source Environment Check?
- What Can I Do If the StartUpAgent Step Fails and the Error Message "System.OutOfMemoryException" Is Displayed?
- How Do I Fix the Error "SMS-Workflow.0503: SMS migration task failed. SMS.xxxx?"
- What Do I Do If Some Disks Are Not Attached to the Target Server After the Migration Is Complete?
-
Storage Migration
- What Are the Restrictions on Using MgC for Storage Migration?
- What Are the Requirements for the Source and Target Environments?
- How Do I Choose the Right Specifications for a Migration Cluster?
- What Affects the Migration Speed of Large Objects?
- What Affects the Migration Speed of Small Objects?
- How Do I View Key Metrics that Affect the Migration Speed?
- Why Is My Storage Migration Workflow Stalled for a Long Time?
- When I Migrate HTTP/HTTPS Data to Huawei Cloud OBS, How Are the Objects with the Same Name but Different URLs Processed?
- When I Migrate Data from OBS to NAS on Huawei Cloud, How Are Objects with the Same Name but Different Capitalization Processed?
- What Are the Constraints on the Length of Object Paths for Migrations Between OBS, NAS, and SMB Storage Systems on Huawei Cloud?
- How Do I Resolve the Problem that a Migration Cluster Fails to Be Created?
- How Do I Obtain Credentials for Accessing Microsoft Azure?
- What Do I Do If the Storage Migration Workflow Fails and "COMPARISON_ATTRIBUTE_NOT_SAME" Is Displayed?
- How Do I Choose Storage Classes?
- What Do I Do If a Migration Task Fails?
- Cross-AZ Migration
- Migration Surveys
-
Resource Discovery
- Known Resource Discovery Problems and Solutions
- Where Can I Find the Collection Failure Cause?
- What Can I Do If an Internet Discovery Task Fails and the Error Message "Network connection timed out" or "Other exception" Is Displayed?
- How Do I Collect Data from a Data Source Again If the Previous Collection Fails?
- How Do I Obtain the Cloud Platform Credentials (AK/SK Pairs)?
- How Do I Obtain the Information for Adding Azure Credentials to MgC?
- How Do I Obtain the Required Credentials Before Using MgC to Perform a Deep Collection for My Azure Object Storage Resources?
- How Do I Configure the Permissions Required for Collecting Details of Azure Containers?
- How Do I Convert the Encoding Format of a CSV File to UTF-8?
- What Can I Do If the Collected Disk Information Is Empty or Incorrect After a Deep Collection Is Performed for a Windows Source Server?
- What Can I Do If the Collected OS Information Is Incorrect After a Deep Collection Is Performed for a Windows Source Server?
- What Can I Do If an RVTools Import Fails?
- What Do I Do If the Deep Collection Succeeds on a Source Server but Some Specifications Information Is Not Collected?
-
Target Recommendations
- Where Can I Find the Assessment Failure Cause?
- Why Can't I Manually Select Target Server Specifications and Disk Types?
- What Can I Do If a Server Assessment Fails and the System Displays a Message Indicating No Proper Specifications Are Matched?
- What Can I Do If a Server Assessment Fails Because the Target Server Specifications Do Not Support Windows Images?
- What Types of Databases Can I Assess Using MgC?
- How Does MgC Generate Target Recommendations?
- Big Data Migration
-
Big Data Verification
- What Do I Do If the Credential List Is Empty When I Create a Data Connection for Big Data Verification?
- Why Are 0 or -1 Displayed in the Hive Verification Results?
- Why Does a Field in Hive Fail the Sum Verification?
- Why Do a Large Number of Tables Fail to Be Verified in a DLI Verification Task?
- How Do I Optimize the Verification Task When the Delta Lake Data Volume Is Large?
- How Do I Replace Packages Before I Create a Connection to a Secured HBase Cluster on the Target Cloud?
- How Do I Replace Packages When I Create a Verification Task for an MRS 3.1.0 Cluster Using Yarn?
- Known Issues and Solutions
-
Product Consultation
- General Reference
On this page
Help Center/
Migration Center/
Best Practices/
Configuring Permissions Required for Server Migration
Copied.
Configuring Permissions Required for Server Migration
Overview
- Create a user group named migration_users and assign the permissions required to use MgC and SMS to the user group. The IAM user to be created will inherit the permissions from the user group.
- For a user in the local admin group, create an IAM user who is named mgc-user, belongs to the migration_users user group, and has only programmatic access to Huawei Cloud. The IAM user is not allowed to access the Huawei Cloud console using a password.
- Provide the MgC Agent (formerly Edge) with the AK/SK pair generated when mgc-user is created. The AK/SK pair is used to register the MgC Agent with MgC and authenticate API calling during the migration.
Step 1: Create a User Group
- Log in to the IAM console.
- On the IAM console, choose User Groups from the left navigation pane, and click Create User Group in the upper right corner.
Figure 1 Creating a user group
Step 2: Create a Permissions Policy
- On the IAM console, in the navigation pane, choose Permissions > Policies/Roles and click Create Custom Policy in the upper right corner.
Figure 2 Creating a custom policy
- Create a policy for using SMS, a global cloud service. Enter a policy name, set Policy View to JSON, and copy the following content to the Policy Content box.
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "sms:server:registerServer", "sms:server:migrationServer", "sms:server:queryServer" ] }, { "Action": [ "mgc:*:*", "iam:agencies:listAgencies", "iam:roles:listRoles", "iam:quotas:listQuotas", "iam:permissions:listRolesForAgency" ], "Effect": "Allow" } ] }Figure 3 Creating a policy that defines the permissions required for using SMS
- Create a policy for using regional cloud services that SMS depends on. Enter a policy name, set Policy View to JSON, and copy the following content to the Policy Content box.
{ "Version": "1.1", "Statement": [ { "Action": [ "vpc:securityGroups:create", "vpc:securityGroupRules:create", "vpc:vpcs:create", "vpc:publicIps:create", "vpc:subnets:create", "ecs:cloudServers:create", "ecs:cloudServers:attach", "ecs:cloudServers:detachVolume", "ecs:cloudServers:start", "ecs:cloudServers:stop", "ecs:cloudServers:delete", "ecs:cloudServers:reboot", "ecs:cloudServers:updateMetadata", "ecs:serverPasswords:manage", "ecs:serverKeypairs:delete", "ecs:diskConfigs:use", "ecs:CloudServers:create", "ecs:servers:setMetadata", "ecs:serverVolumes:use", "ecs:serverKeypairs:create", "ecs:serverInterfaces:use", "ecs:serverGroups:manage", "ecs:securityGroups:use", "ecs:servers:unlock", "ecs:servers:rebuild", "ecs:servers:lock", "ecs:servers:reboot", "evs:volumes:use", "evs:volumes:create", "evs:volumes:update", "evs:volumes:delete", "evs:volumes:attach", "evs:volumes:detach", "evs:snapshots:create", "evs:snapshots:delete", "evs:snapshots:rollback", "ecs:*:get*", "ecs:*:list*", "evs:*:get*", "evs:*:list*", "vpc:*:list*", "vpc:*:get*", "ims:*:get*", "ims:*:list*" ], "Effect": "Allow" } ] }Figure 4 Creating a policy for using the regional cloud services that SMS depends on
Step 3: Assign Permissions
- On the IAM console, choose User Groups from the navigation pane.
- In the user group list, locate the user group created in step 1 and click Authorize in the Operation column.
Figure 5 Assigning permissions to the user group
- Search for and select the two custom policies created in step 2 and click Next.
Figure 6 Selecting the created custom policies
- Select Region-specific projects for Scope and select a region-specific project. Then the IAM users in the group can use resources in the region-specific project based on their permissions.
Figure 7 Selecting a region-specific project
- Click OK.
Step 4: Create a User
- On the IAM console, choose Users from the left navigation pane, and click Create User in the upper right corner.
Figure 8 Creating a user
- Enter a username, deselect Management console access, and click Next.
Figure 9 Configuring basic information
- Select the user group created in step 1 and click Create.
Figure 10 Selecting a user group
- After the user is created, the Download Access Key dialog box is displayed. Click OK to download an AK/SK pair for the IAM user.
Figure 11 Downloading an access key
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
