Tech Note: Migrating an Aviatrix Controller from AWS to Azure

Constraints

  • The AWS Access Account uses an access key

AWS Controller

Change the AWS account from IAM role-based to Access and Secret keys

  • Create an access key for a user with permissions to manage Aviatrix.
  • Use the key id and key secret to change the Access Account:

This procedure is only supported on Accounts without Gateways deployed.

Backup

  • Use the Backup Now button to take a backup before shutting down the Controller:

Shutdown Controller

  • Using the AWS Console, shut down the Controller and CoPilot instances:

Azure Controller

Requirements

  • An existing or new VNET and subnet with an associated route table that has a default route pointing to the internet
  • The subnet should be big enough to host the Aviatrix Cloud Network Controller and Aviatrix Cloud Network CoPilot
  • At least two Public IP Addresses
  • Permission to create VNETs, subnets, route tables, routes, route table associations, Public IP addresses, service principals, storage accounts, and blobs, and to deploy VMs.

Aviatrix Cloud Network Controller deploys Controller 7.1.4105 and later. To deploy Controller version 7.1.4101 or earlier, subscribe to Aviatrix Secure Networking Platform BYOL.

Deploy New Controller

The steps below should be completed before the cut over.

Bring the controller to the desired software version (7.1.3176)

Onboard Access Accounts

  • Azure
  • OCI

Transfer Backup from AWS Bucket to Azure Storage Account

  • Download from the AWS S3 Bucket:
  • Upload to the Azure Storage Account:

Restore

Use Controller Settings -> Maintenance -> Backup and Restore to restore a backup from the storage account:

The restore triggers the Controller Public IP migration wizard, which asks you to confirm that the Controller Public IP changed:

After the restore:

Re-Enable Controller Security Group Management

  • Disable and then enable Controller Security Group Management
  • After a few seconds the Controller NSG will reflect the changes (a security rule is created for each gateway):
  • The Security Rules of the Gateways are also updated with the new Controller Public IP:
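
Both results can be checked from exported rule lists instead of by eye. The script below is an added example, not code from the original note or from Aviatrix. It assumes rules exported in the JSON shape of `az network nsg rule list -o json` and TCP 443 as the Controller/gateway port; the rule names, addresses and function names are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like `az network nsg rule list -o json`;
# rule names and addresses (documentation ranges) are made up.
CONTROLLER_RULES = json.loads("""[
 {"name": "gw-spoke1", "direction": "Inbound", "access": "Allow",
  "destinationPortRange": "443", "sourceAddressPrefix": "203.0.113.10/32"},
 {"name": "gw-spoke2", "direction": "Inbound", "access": "Allow",
  "destinationPortRange": "443", "sourceAddressPrefix": "203.0.113.11"},
 {"name": "temp-admin", "direction": "Inbound", "access": "Allow",
  "destinationPortRange": "443", "sourceAddressPrefix": "*"}
]""")
GATEWAY_RULES = json.loads("""[
 {"name": "ctrl-old", "direction": "Inbound", "access": "Allow",
  "destinationPortRange": "443", "sourceAddressPrefix": "198.51.100.5/32"},
 {"name": "ctrl-new", "direction": "Inbound", "access": "Allow",
  "destinationPortRange": "443", "sourceAddressPrefix": "192.0.2.20/32"}
]""")
OPEN_SOURCES = {"*", "0.0.0.0/0", "Internet"}

def _allow_sources(rules, port):
    """Yield (rule name, source) for inbound allow rules covering `port`."""
    for r in rules:
        ports = [r.get("destinationPortRange")] + (r.get("destinationPortRanges") or [])
        if (r.get("direction") == "Inbound" and r.get("access") == "Allow"
                and (port in ports or "*" in ports)):
            for src in [r.get("sourceAddressPrefix")] + (r.get("sourceAddressPrefixes") or []):
                if src:
                    yield r["name"], src

def _covers(src, ip):
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(src, strict=False)
    except ValueError:  # service tags such as "VirtualNetwork" are not IP ranges
        return False

def audit_controller_nsg(rules, gateway_ips, port="443"):
    """Return (gateways with no allow rule, rules open to any source)."""
    srcs = list(_allow_sources(rules, port))
    missing = [ip for ip in gateway_ips
               if not any(_covers(s, ip) for _, s in srcs if s not in OPEN_SOURCES)]
    return missing, [name for name, s in srcs if s in OPEN_SOURCES]

def rules_allowing(rules, ip, port="443"):
    """Names of rules that still admit `ip`, e.g. the old Controller IP."""
    return [n for n, s in _allow_sources(rules, port)
            if s not in OPEN_SOURCES and _covers(s, ip)]
```

A gateway reported as missing has no dedicated rule on the Controller NSG, and any rule name returned for the old Controller IP on a gateway is a leftover to remove.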

Patching

  • Reapply patches so that the inventory is updated properly.

Deploy CoPilot

  • The restored backup brings back the AWS Controller configuration, including the CoPilot bindings.
  • Deploy CoPilot in Azure and reconfigure the association.

Backup

  • The restored backup brings back the AWS Controller configuration, including the Backup configuration.
  • Remove the old backup configuration.
  • Reconfigure backup using an Azure Storage Account.

Tags

The controller tags the resources it creates. One of those tags is the Controller IP:

After the migration, another tag is created to store the old Controller IP configuration:
