How Do I Set Up a Secure Migration Network for Using SMS?
Background
To use SMS, you need to install the Agent on the source server to be migrated. During the migration, the source server must continuously communicate with SMS and the paired target server.
Connecting the Source Server to Huawei Cloud API Gateway
- The Agent installed on the source server must communicate with Huawei Cloud services IAM, ECS, EVS, IMS, VPC, SMS, OBS, and DNS during the migration. You must ensure that the Agent can call the APIs of these services for the region you are migrating to.
- IAM and SMS are global-level services. The Agent needs to access their endpoints iam.myhuaweicloud.com and sms.ap-southeast-3.myhuaweicloud.com.
- ECS, EVS, IMS, VPC, and DNS are region-level services. The Agent needs to access their endpoints for the region you are migrating to.
- The Agent needs to access the OBS endpoint obs.cn-north-1.myhuaweicloud.com and the OBS endpoint for the region you are migrating to.
Table 1 lists the endpoints of the involved services when you migrate to the region CN South-Guangzhou.
Table 1 Addresses of involved services and buckets Service/Bucket
Endpoint/Bucket Address
Remarks
IAM
iam.myhuaweicloud.com
Endpoints of involved global-level services
SMS
sms.ap-southeast-3.myhuaweicloud.com
OBS
obs.cn-north-1.myhuaweicloud.com
ECS
ecs.cn-south-1.myhuaweicloud.com
Endpoints of involved region-level services for CN South-Guangzhou
EVS
evs.cn-south-1.myhuaweicloud.com
VPC
vpc.cn-south-1.myhuaweicloud.com
IMS
ims.cn-south-1.myhuaweicloud.com
OBS
obs.cn-south-1.myhuaweicloud.com
DNS
dns.cn-south-1.myhuaweicloud.com
sms-resource-intl-ap-southeast-3
sms-resource-intl-ap-southeast-3.obs.ap-southeast-3.myhuaweicloud.com
Addresses of the OBS buckets to be accessed by the SMS-Agent
sms-agent-config-inter
sms-agent-config-inter.obs.ap-southeast-3.myhuaweicloud.com
Retain the default values for sms-resource-intl-ap-southeast-3 and sms-agent-config-inter. The URLs of other dependent services depend on the target region.
SMS uses domain names such as bbs.huaweicloud.com, support.huaweicloud.com, and console.huaweicloud.com to provide migration and consulting services.
- If the DNS server addresses are not configured on the source server, you need to map each endpoint to its IP address in the local hosts file (C:\Windows\System32\drivers\etc\hosts for Windows and /etc/hosts for Linux).
The IP addresses can be obtained by pinging the endpoints, as shown in Figure 2.
Connecting the Source Server to the Target Server
- If you want to migrate over the Internet, purchase and configure an EIP for the target server.
- If you want to migrate over a private network, purchase and configure a Direct Connect or VPN connection from your source environment to Huawei Cloud.
Opening Required Ports on the Target Server
- If the target server runs Windows, open inbound ports 8899, 8900, and 22 in the security group of the target server. If the target server runs Linux, open inbound ports 8900 and 22.
- For security purposes, you are advised to only allow traffic from the source server over these ports.
- These ports must also be opened on the firewall of the target server.
- If a network ACL is configured for the subnet where the target server is located, you also need to open the required inbound ports in the network ACL.
For details, see How Do I Configure Security Group Rules for Target Servers?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
