Monday, June 22, 2009

Moving a Windows server from on premise (VMware ESX or RHEL 5) to EC2

One use case that I expect to be fairly common as Cloud Computing gains adoption is the need to migrate certain existing systems (physical or virtual) to a cloud provider. It seems that today one must set up the Windows or Linux machine again in the cloud, which might be fine for one or two systems, but what if you had 100?

My experiment to automatically migrate systems into the cloud did not go as well as I had hoped. EC2 (and all other infrastructure as a service (IaaS) cloud providers) do not accept uploads of Windows AMIs, OVF, VHD or VMDK. EC2 does accept Linux AMIs, but that's not what I was attempting. That left me with limited options:

1) Install VirtualBox in a Linux AMI and use OVF to send my VMs to EC2. This would probably work, but hardly seemed stable. I tried it on Windows, but starting VirtualBox hard locked the VM.

2) Use ntbackup to perform a shadow volume copy of the on premise system and restore the backup into the EC2 instance. Amazingly, this does work, assuming you have a full day to spend on it. The issue is that the Windows system must be set up perfectly for EC2 usage before you take the backup.

The real gotcha here is that EC2 doesn't allow console access to the VM; you only have access via RDP. Since you are never really in front of the terminal, any driver failure leaves you out of luck. I found that moving from a RHEL 5.3 VM to EC2 was the most reliable means of migration, because the paravirtualization drivers are the same (EC2 runs on open source Xen and RHEL).

So, how do you prepare your Windows instance before backup?

0) Migrate everything to a RHEL 5.3 system running Xen

1) Enable autologon as an administrator account. This is critical to allow new hardware to be detected and to process the environment change from RHEL 5 to Amazon EC2.

Here is my batch script to do this:

REM enable autologin
net user administrator password
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v AutoAdminLogon /t REG_SZ /d 1
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v DefaultUsername /t REG_SZ /d "administrator"
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v DefaultPassword /t REG_SZ /d "password"
REM Disable Shutdown Event Tracker
reg add "HKLM\Software\Policies\Microsoft\Windows NT\Reliability" /f /v ShutdownReasonUI /t REG_DWORD /d 0

2) Disable driver signing checking and the new server wizard.

.reg file

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching]
"DontSearchWindowsUpdate"=dword:00000001
"DontPromptForWindowsUpdate"=dword:00000001
"DontSearchCD"=dword:00000001
"DontSearchFloppies"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing]
"BehaviorOnFailedVerify"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Windows NT\Driver Signing]
"BehaviorOnFailedVerify"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PlugPlay\Parameters]
"SupressUI"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\MYS]
"DisableShowAtLogon"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\srvWiz]
@=dword:00000000
"CYSMustRun"=dword:00000001

3) Use this AutoIt script to accept and process any Found New Hardware wizards and other system messages. You can get AutoIt from here: http://www.autoitscript.com/autoit3/

; Keep answering dialogs for at most 240 seconds.
$allowed = 240 * 1000
$time = TimerInit()
While $allowed > TimerDiff($time)
    ; Bring whichever known dialog is present to the foreground.
    Select
        Case WinExists('Service Control Manager')
            WinActivate('Service Control Manager')
        Case WinExists('Confirm File Replace')
            WinActivate('Confirm File Replace')
        Case WinExists('Found New Hardware Wizard')
            WinActivate('Found New Hardware Wizard')
        Case Else
            ; Nothing to handle yet: wait and poll again.
            Sleep(5000)
            ContinueLoop
    EndSelect

    Sleep(250)

    ; Send the keystrokes that dismiss or advance the active dialog.
    Select
        Case WinExists('Service Control Manager')
            Send('{ENTER}')
        Case WinActive('Confirm File Replace')
            Send('!a')
        Case WinActive('Found New Hardware Wizard', 'Cannot Install this Hardware')
            Send('{TAB 2}{ENTER}')
        Case WinActive('Found New Hardware Wizard', 'The wizard has finished')
            Send('{ENTER}')
        Case WinActive('Found New Hardware Wizard', 'Completing the Found')
            Send('{ENTER}')
        Case WinActive('Found New Hardware Wizard', 'Welcome to')
            Send('!n')
    EndSelect
WEnd

4) Set the AutoIt script to start on boot by adding it to the All Users Startup program group.

5) You may want to capture a movie of everything going on in the system, just in case things fail. Use http://camstudio.org/blog/camstudio-command-line-v01-released to record a screen movie via the command line. You probably want to save this to an EBS volume on E:.

6) You'll want to install the EC2Config tools into your image. [This section is left intentionally vague, because I can't tell you where or how to get these.]

7) Make sure your system is set to DHCP. EC2 doesn't like static IPs. Make sure that the MAC address is not overridden and the system will come up with the original MAC. I was thinking of just removing the NIC altogether, but then you have to save the backup in the next step to a separate drive and boot the drive in a new Windows instance.

8) Reboot! Make sure the system logs in automatically and runs AutoIt. You may want to remove your network card from device drivers and then reboot just to make sure it can be added correctly.

9) Back up the entire system (C: drive and system state). Compress it. Send to EC2 and restore.

10) Reboot the instance when ready. You should see a message saying EC2Config is restarting this.

Simple, right?
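
Steps 1, 2 and 4 leave the restored instance with the administrator password in cleartext under Winlogon, driver-signing checks silenced and an auto-clicking script in the startup group. The batch file below is an added example, not part of the original procedure, that reverts those settings once the instance is reachable over RDP and then verifies the result; the file name accept-hardware.exe is a hypothetical name for the compiled AutoIt script.

```batch
@echo off
REM Added example: post-migration cleanup, run once on the restored instance.
setlocal
set "WINLOGON=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "SIGNING=Software\Policies\Microsoft\Windows NT\Driver Signing"

REM Step 1: switch autologon off and delete the cleartext password value.
reg add "%WINLOGON%" /f /v AutoAdminLogon /t REG_SZ /d 0
reg delete "%WINLOGON%" /v DefaultPassword /f

REM The migration password sat in the registry and in the backup file,
REM so replace it. "*" makes net user prompt for the new password.
net user administrator *

REM Step 1: bring back the Shutdown Event Tracker prompt.
reg delete "HKLM\Software\Policies\Microsoft\Windows NT\Reliability" /v ShutdownReasonUI /f

REM Step 2: drop the values that silenced driver-signing and PnP prompts
REM so the system defaults apply again.
reg delete "HKCU\%SIGNING%" /v BehaviorOnFailedVerify /f
reg delete "HKU\.DEFAULT\%SIGNING%" /v BehaviorOnFailedVerify /f
reg delete "HKLM\System\CurrentControlSet\Services\PlugPlay\Parameters" /v SupressUI /f

REM Step 4: remove the AutoIt helper from the All Users startup group.
REM ASSUMPTION: accept-hardware.exe is a hypothetical file name.
set "STARTUP=%ALLUSERSPROFILE%\Start Menu\Programs\Startup"
if exist "%STARTUP%\accept-hardware.exe" del "%STARTUP%\accept-hardware.exe"

REM Verify: DefaultPassword must be gone and AutoAdminLogon must read 0.
set "RC=0"
reg query "%WINLOGON%" /v DefaultPassword >nul 2>&1
if not errorlevel 1 (
    echo FAIL: DefaultPassword is still stored in the registry
    set "RC=1"
)
set "AUTOLOGON="
for /f "tokens=3" %%A in ('reg query "%WINLOGON%" /v AutoAdminLogon ^| find "AutoAdminLogon"') do set "AUTOLOGON=%%A"
if not "%AUTOLOGON%"=="0" (
    echo FAIL: AutoAdminLogon is "%AUTOLOGON%", expected 0
    set "RC=1"
)
if "%RC%"=="0" echo OK: autologon disabled and stored password removed
exit /b %RC%
```

The backup file from step 9 still contains the old registry values, so treat any retained copy of it as holding the migration password.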

1 comment:

  1. Hi,

    interesting guide! I followed it until step 8, I didn't get step 9. Once I run:

    ntbackup backup systemstate c: /f c:\backup.bkf

    I get a 6GB file (the c: drive is 15GB), how do I send it to Amazon and restore it?


    Nicola
