📀 Migration & Hybrid Cloud

Learning Objectives

  • Plan migration strategies using the 7 Rs framework
  • Migrate data with DMS, DataSync, and Storage Gateway
  • Design hybrid connectivity with VPN and Direct Connect
  • Understand migration tools (SMS, MGN, Snowball)

1. The 7 Rs Migration Strategy

graph TD
    Decision{"What's your business goal?"}
    
    Decision --> Q1{"App still needed?"}
    
    Q1 -- No --> Retire["🗑️ Retire\nDecommission unused apps\nTool: App Discovery\nRisk: None\nEffort: Minimal"]

    Q1 -- Yes --> Q2{"Can move as-is?"}

    Q2 -- Yes --> Q3{"Same hypervisor?"}
    Q3 -- Yes --> Relocate["🔄 Relocate\nMove to cloud hypervisor\nTool: AWS MGN\nRisk: Low\nEffort: Low"]
    Q3 -- No --> Rehost["🚚 Rehost (Lift & Shift)\nMove as-is to EC2\nTool: AWS MGN / SMS\nRisk: Lowest\nEffort: Quickest"]

    Q2 -- No --> Q4{"Minor changes acceptable?"}

    Q4 -- Yes --> Replatform["⚙️ Replatform\nOptimize without rewrite\nE.g., RDS instead of DB on EC2\nTool: DMS\nRisk: Low-Medium\nEffort: Medium"]

    Q4 -- No --> Q5{"Rebuild as cloud-native?"}

    Q5 -- Yes --> Refactor["🏗️ Refactor/Re-architect\nFull cloud-native rebuild\nLambda, ECS, DynamoDB\nRisk: Highest\nEffort: Most"]

    Q5 -- No --> Q6{"Switch to SaaS?"}
    Q6 -- Yes --> Repurchase["💼 Repurchase\nMove to SaaS product\nE.g., Salesforce, Workday\nRisk: Medium\nEffort: Medium"]
    Q6 -- No --> Retain["🏠 Retain\nKeep on-premises\nHybrid connectivity\nRisk: None\nEffort: None"]

    style Retire fill:#888,color:#fff
    style Relocate fill:#527fff,color:#fff
    style Rehost fill:#01ab5c,color:#fff
    style Replatform fill:#ff9900,color:#fff
    style Refactor fill:#d33,color:#fff
    style Repurchase fill:#1e8900,color:#fff
    style Retain fill:#666,color:#fff

| Strategy | Description | Tool | RTO | Effort |
|---|---|---|---|---|
| Rehost (Lift & Shift) | Move as-is to EC2 | AWS MGN, SMS | Hours | Low |
| Replatform (Lift & Optimize) | Move with minor optimizations (e.g., RDS) | DMS | Days | Medium |
| Refactor/Re-architect | Rebuild as cloud-native | Lambda, ECS, DynamoDB | Months | High |
| Repurchase | Move to SaaS product | Third-party | Months | Medium |
| Retire | Decommission unused apps | Application Discovery | — | Low |
| Retain | Keep on-premises | Hybrid connectivity | — | None |
| Relocate | Move to cloud-native hypervisor | AWS MGN | Hours | Low |

⚑ Exam Tip: Most SAA questions focus on Rehost (quickest, least risk) and Replatform (some optimization without full rewrite).


2. Database Migration Service (DMS)

2.1 DMS Overview

Migrate databases to AWS with minimal downtime:

Source DB (on-prem/EC2/RDS)
    │
    │  ┌──────────────┐
    ├──┤ DMS Instance │
    │  └──────┬───────┘
    │         │
    ▼         ▼
Target DB (RDS, Aurora, DynamoDB, S3)

Supported Sources: Oracle, SQL Server, MySQL, MariaDB, PostgreSQL, MongoDB, SAP, Db2

Supported Targets: RDS, Aurora, DynamoDB, S3, Redshift, Kafka

Schema Conversion Tool (SCT):

  • Convert schema between different DB engines
  • Example: Oracle → Aurora PostgreSQL, SQL Server → RDS MySQL

# Create replication instance
aws dms create-replication-instance \
  --replication-instance-identifier "migration-instance" \
  --replication-instance-class "dms.t3.medium" \
  --allocated-storage 50 \
  --vpc-security-group-ids sg-dms

# Create source endpoint
aws dms create-endpoint \
  --endpoint-identifier "source-oracle" \
  --endpoint-type source \
  --engine-name oracle \
  --oracle-settings '{"DatabaseName": "ORCL", "ServerName": "10.0.0.50", "Port": 1521, "Username": "migration_user", "Password": "password" }'

# Create target endpoint
# The "aurora" engine (Aurora MySQL-compatible, port 3306) takes its
# connection settings through --my-sql-settings; there is no --aurora-settings option
aws dms create-endpoint \
  --endpoint-identifier "target-aurora" \
  --endpoint-type target \
  --engine-name aurora \
  --my-sql-settings '{"DatabaseName": "appdb", "ServerName": "app-cluster.cluster-xxx.us-east-1.rds.amazonaws.com", "Port": 3306, "Username": "admin", "Password": "password" }'

# Create replication task (full load + CDC)
aws dms create-replication-task \
  --replication-task-identifier "oracle-to-aurora" \
  --source-endpoint-arn "arn:aws:dms:us-east-1:...:endpoint/source-oracle" \
  --target-endpoint-arn "arn:aws:dms:us-east-1:...:endpoint/target-aurora" \
  --replication-instance-arn "arn:aws:dms:us-east-1:...:rep/migration-instance" \
  --migration-type "full-load-and-cdc" \
  --table-mappings 'file://table-mappings.json'
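
The endpoint commands above pass the database password inline and leave the SSL mode unset. The following lint is an added example, not part of the original guide: it checks endpoint definitions in the shape of the DMS CreateEndpoint request (as used with `--cli-input-json`) before they are applied. The function name `lint_endpoint`, the sample dictionaries and the placeholder ARNs are assumptions; `SslMode`, `CertificateArn`, `SecretsManagerSecretId` and `SecretsManagerAccessRoleArn` are DMS endpoint fields.

```python
import json

# Per-engine settings objects of the DMS CreateEndpoint request (subset).
SETTINGS_KEYS = ("OracleSettings", "MySQLSettings", "PostgreSQLSettings")


def lint_endpoint(endpoint: dict) -> list:
    """Return security findings for one create-endpoint style definition."""
    name = endpoint.get("EndpointIdentifier", "<unnamed>")
    settings = next((endpoint[k] for k in SETTINGS_KEYS if k in endpoint), {})
    findings = []

    # An inline password ends up in shell history, process listings and repos.
    if "Password" in settings:
        findings.append(f"{name}: inline Password, use SecretsManagerSecretId")
    has_secret = "SecretsManagerSecretId" in settings
    has_role = "SecretsManagerAccessRoleArn" in settings
    if has_secret != has_role:
        findings.append(f"{name}: secret id and access role must be set together")
    elif not has_secret and "Password" not in settings:
        findings.append(f"{name}: no credential source configured")

    # SslMode defaults to "none", so an unset value means no TLS to the database.
    if endpoint.get("SslMode", "none") == "none":
        findings.append(f"{name}: SslMode is none, require TLS")
    return findings


# Constructed sample: the page's Oracle source endpoint as written ...
WEAK = json.loads("""{
  "EndpointIdentifier": "source-oracle", "EndpointType": "source",
  "EngineName": "oracle",
  "OracleSettings": {"DatabaseName": "ORCL", "ServerName": "10.0.0.50",
    "Port": 1521, "Username": "migration_user", "Password": "password"}
}""")
# ... and a hardened form of it (constructed; the ARNs are placeholders).
HARDENED = json.loads("""{
  "EndpointIdentifier": "source-oracle", "EndpointType": "source",
  "EngineName": "oracle", "SslMode": "verify-ca",
  "CertificateArn": "arn:aws:dms:REGION:ACCOUNT:cert:PLACEHOLDER",
  "OracleSettings": {"DatabaseName": "ORCL",
    "SecretsManagerSecretId": "arn:aws:secretsmanager:REGION:ACCOUNT:secret:PLACEHOLDER",
    "SecretsManagerAccessRoleArn": "arn:aws:iam::ACCOUNT:role/PLACEHOLDER"}
}""")

if __name__ == "__main__":
    for ep in (WEAK, HARDENED):
        for line in lint_endpoint(ep) or [f"{ep['EndpointIdentifier']}: ok"]:
            print(line)
```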

2.2 AWS Schema Conversion Tool (SCT)

Converts database schema from one engine to another:

  • Oracle → PostgreSQL/Aurora
  • SQL Server → MySQL/PostgreSQL
  • Data warehouse → Redshift

3. AWS DataSync

Purpose: Fast, secure data transfer between on-premises and AWS (or between AWS services)

| Feature | Description |
|---|---|
| Speed | Up to 10x faster than CLI |
| Security | Encryption in transit, TLS |
| Protocol | NFS, SMB (on-prem), S3, EFS, FSx (AWS) |
| Incremental | Transfers only changed files |
| Scheduling | Hourly, daily, weekly |

# Create DataSync agent (virtual appliance on-prem)
# Download from AWS console → Deploy as VM → Activate

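# Create location (on-prem NFS)
# --subdirectory is required: the export path on the NFS server (placeholder below)
# Valid mount-option versions: AUTOMATIC, NFS3, NFS4_0, NFS4_1
aws datasync create-location-nfs \
  --server-hostname "10.0.0.100" \
  --subdirectory "/exports/data" \
  --on-prem-config '{"AgentArns": ["arn:aws:datasync:...:agent/agent-xxx"]}' \
  --mount-options '{"Version": "NFS4_0"}'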

# Create location (S3)
aws datasync create-location-s3 \
  --s3-bucket-arn "arn:aws:s3:::my-migration-bucket" \
  --s3-config '{"BucketAccessRoleArn": "arn:aws:iam::...:role/datasync-s3-access"}'

# Create task
aws datasync create-task \
  --source-location-arn "arn:aws:datasync:...:location/source-nfs" \
  --destination-location-arn "arn:aws:datasync:...:location/dest-s3" \
  --options '{"PreserveDeletedFiles": "REMOVE", "VerifyMode": "POINT_IN_TIME_CONSISTENT"}'

4. AWS Storage Gateway

Purpose: Hybrid cloud storage with low-latency access to AWS from on-premises

| Type | Protocol | Use Case |
|---|---|---|
| File Gateway | NFS, SMB | File shares backed by S3 |
| Volume Gateway (stored) | iSCSI | Entire dataset on-prem, async backup to S3 |
| Volume Gateway (cached) | iSCSI | Primary data in S3, frequently accessed data cached on-prem |
| Tape Gateway | iSCSI VTL | Replace physical tape with S3/Glacier |

File Gateway:
On-Prem App → NFS/SMB → File Gateway (VM) → S3 → Lifecycle → Glacier

Volume Gateway (Cached):
On-Prem App → iSCSI → Volume Gateway → S3 (primary) + Cache (hot data)

Tape Gateway:
Backup App → iSCSI VTL → Tape Gateway → S3 → Glacier

⚑ Exam Tip: Storage Gateway for hybrid cloud storage. File Gateway = NFS to S3. Volume Gateway = iSCSI block storage. Tape Gateway = virtual tape backup.


5. Hybrid Connectivity

5.1 Site-to-Site VPN

# Create VPN connection
aws ec2 create-vpn-connection \
  --customer-gateway-id cgw-xxx \
  --vpn-gateway-id vgw-xxx \
  --type ipsec.1 \
  --options '{"StaticRoutesOnly": false}'

VPN Options:

  • Virtual Private Gateway (VGW) — Attached to VPC
  • Transit Gateway — Hub for many VPCs/VPNs
  • AWS Client VPN — Individual users connect remotely

5.2 AWS Direct Connect

On-Prem Router → Colocation → AWS Direct Connect Location → VPC
                    │
                    ├── Private VIF → VGW → VPC (Private subnets)
                    ├── Public VIF → IGW → AWS Public services (S3, DynamoDB)
                    └── Transit VIF → Transit Gateway → Multiple VPCs

| Feature | VPN | Direct Connect |
|---|---|---|
| Connection | Internet (IPsec) | Dedicated fiber |
| Bandwidth | Up to 1.25 Gbps | 50 Mbps - 100 Gbps |
| Latency | Variable | Consistent |
| Cost | Low ($0.05/hr) | Higher (port + data) |
| Setup | Hours | Weeks |
| SLA | None | 99.99% |

Direct Connect + VPN Backup:

Primary: Direct Connect (1 Gbps) → VPC
Backup:  Site-to-Site VPN (IPsec) → VPC

5.3 AWS Snow Family

| Device | Storage | Use Case |
|---|---|---|
| Snowcone | 8 TB | Small data, edge computing |
| Snowball Edge | 80 TB | Large data migration |
| Snowmobile | 100 PB | Exabyte-scale migration |

# Create Snowball Edge job
aws snowball create-job \
  --job-type IMPORT \
  --notification '{"SnsTopicARN": "arn:aws:sns:...:snowball-notifications"}' \
  --address-id "addr-xxx" \
  --role-arn "arn:aws:iam::...:role/snowball-role" \
  --snowball-capacity-preference T100 \
  --resources '{"S3Resources": [{"BucketArn": "arn:aws:s3:::my-bucket"}]}'

6. AWS Migration Hub

Central place to track migration progress:

  • Application Discovery Service (agentless + agent-based)
  • Migration tracking across tools (DMS, MGN, CloudEndure)
  • Group servers into applications for tracking

✅ Chapter Quiz

  1. Which migration strategy means moving applications as-is to EC2?

    • A) Rehost
    • B) Replatform
    • C) Refactor
    • D) Retire
  2. Which service provides continuous data replication with minimal downtime for database migration?

    • A) DataSync
    • B) DMS
    • C) Snowball
    • D) Storage Gateway
  3. Which Storage Gateway type provides NFS access to S3?

    • A) File Gateway
    • B) Volume Gateway
    • C) Tape Gateway
    • D) Gateway Cached
  4. Which connectivity option provides dedicated fiber bandwidth with consistent latency?

    • A) VPN
    • B) Direct Connect
    • C) VPC Peering
    • D) Transit Gateway
  5. Which AWS service is best for transferring 80 TB of data when internet is too slow?

    • A) DataSync
    • B) DMS
    • C) Snowball Edge
    • D) Storage Gateway
  6. Which migration strategy involves moving an application to the cloud with minimal changes, such as moving from Oracle on EC2 to RDS?

    • A) Rehost
    • B) Replatform
    • C) Refactor
    • D) Relocate
  7. What does AWS DMS use to enable ongoing replication with minimal downtime?

    • A) Full load only
    • B) Change Data Capture (CDC)
    • C) Batch processing
    • D) Snapshot restore
  8. Which AWS service provides a virtual tape library replacement for backup to the cloud?

    • A) File Gateway
    • B) Volume Gateway
    • C) Tape Gateway
    • D) DataSync
  9. A company needs to migrate 100 PB of data to AWS. Which device should they use?

    • A) Snowcone
    • B) Snowball Edge
    • C) Snowmobile
    • D) DataSync
  10. Which AWS service provides one-click migration of on-premises VMware workloads to AWS?

    • A) DMS
    • B) VMware Cloud on AWS
    • C) Application Migration Service (MGN)
    • D) SMS
  11. What is the purpose of AWS Direct Connect?

    • A) To provide a dedicated network connection from on-premises to AWS
    • B) To create a VPN over the internet
    • C) To connect VPCs within a region
    • D) To accelerate S3 uploads
  12. Which Storage Gateway type stores data locally but asynchronously backs it up to S3?

    • A) File Gateway
    • B) Volume Gateway (stored)
    • C) Volume Gateway (cached)
    • D) Tape Gateway
  13. A company needs to convert their Oracle database schema to Amazon Aurora PostgreSQL. Which tool should they use?

    • A) DMS
    • B) SCT
    • C) DataSync
    • D) App Discovery
  14. What is the primary advantage of Direct Connect over Site-to-Site VPN?

    • A) Lower cost
    • B) Faster setup time
    • C) Consistent latency and higher bandwidth
    • D) Built-in encryption
  15. Which AWS migration strategy means you decommission unused applications?

    • A) Retain
    • B) Retire
    • C) Remove
    • D) Replace
  16. A company needs to migrate file data from an on-premises NFS server to AWS. Which service is optimized for this use case?

    • A) DMS
    • B) DataSync
    • C) Storage Gateway
    • D) Snowball
  17. What is the purpose of the AWS Migration Hub?

    • A) To track and manage migration progress across multiple tools
    • B) To automatically migrate servers
    • C) To convert database schemas
    • D) To transfer files
  18. Which VPN option provides encrypted connectivity between individual users and AWS?

    • A) Site-to-Site VPN
    • B) Client VPN
    • C) Direct Connect
    • D) VPC Peering
  19. A company needs to discover the dependencies between on-premises servers before migration. Which service should be used?

    • A) Migration Hub
    • B) Application Discovery Service
    • C) DataSync
    • D) DMS
  20. What type of VIF would you use with Direct Connect to access public AWS services like S3?

    • A) Private VIF
    • B) Public VIF
    • C) Transit VIF
    • D) Direct VIF
  21. Which AWS Snow family device is suitable for edge computing with the smallest form factor?

    • A) Snowcone
    • B) Snowball Edge
    • C) Snowmobile
    • D) Snowball
  22. A company wants to use DMS to migrate a database from on-premises to RDS with zero downtime. Which migration type should they choose?

    • A) Full load
    • B) Full load with CDC
    • C) CDC only
    • D) Snapshot restore
  23. What is the function of AWS Transit Gateway in hybrid connectivity?

    • A) To connect a single VPC to on-premises
    • B) To act as a hub for connecting multiple VPCs and on-prem networks
    • C) To provide internet access for VPCs
    • D) To accelerate content delivery
  24. Which Storage Gateway type is best for an on-premises application that needs low-latency access to a large dataset primarily stored in S3?

    • A) File Gateway
    • B) Volume Gateway (cached)
    • C) Volume Gateway (stored)
    • D) Tape Gateway
  25. A company is migrating a legacy application to AWS and wants the fastest time to cloud with the least risk. Which 7 Rs strategy should they choose?

    • A) Refactor
    • B) Rehost
    • C) Replatform
    • D) Repurchase
πŸ“ Answer Key
  1. A β€” Rehost (Lift & Shift) moves applications as-is.
  2. B β€” DMS provides continuous replication with minimal downtime.
  3. A β€” File Gateway provides NFS/SMB access to S3.
  4. B β€” Direct Connect provides dedicated fiber with consistent latency.
  5. C β€” Snowball Edge is designed for large offline data transfers.
  6. B β€” Replatform (Lift & Optimize) moves with minor optimizations like switching to RDS.
  7. B β€” DMS uses Change Data Capture (CDC) to replicate ongoing changes with minimal downtime.
  8. C β€” Tape Gateway replaces physical tape libraries with virtual tapes stored in S3/Glacier.
  9. C β€” Snowmobile is an exabyte-scale migration solution using a shipping container.
  10. C β€” Application Migration Service (MGN) automates lift-and-shift migration of servers to AWS.
  11. A β€” Direct Connect provides a dedicated private fiber connection from on-prem to AWS.
  12. B β€” Volume Gateway (stored) keeps the entire dataset on-prem with async backups to S3.
  13. B β€” SCT (Schema Conversion Tool) converts database schemas between different engines.
  14. C β€” Direct Connect offers consistent latency and higher bandwidth (up to 100 Gbps).
  15. B β€” Retire means decommissioning applications that are no longer needed.
  16. B β€” DataSync is optimized for fast, secure file transfers from on-prem NFS/SMB to AWS.
  17. A β€” Migration Hub provides a single place to track migration progress across AWS tools.
  18. B β€” Client VPN allows individual users to connect to AWS over encrypted tunnels.
  19. B β€” Application Discovery Service discovers on-prem servers, dependencies, and utilization.
  20. B β€” Public VIF provides access to public AWS services like S3, DynamoDB, and CloudFront.
  21. A β€” Snowcone (8 TB) is the smallest Snow device, suitable for edge computing.
  22. B β€” Full load with CDC provides initial migration plus ongoing replication for near-zero downtime.
  23. B β€” Transit Gateway connects multiple VPCs and on-premises networks through a central hub.
  24. B β€” Volume Gateway (cached) stores primary data in S3 and caches frequently accessed data locally.
  25. B β€” Rehost (Lift & Shift) is the fastest strategy with the least risk and minimal changes.
