Support requirements and considerations for Private endpoint connectivity

The article series describes how to use Azure Migrate to discover, assess, and migrate servers over a private network by using Azure Private Link. You can use the Azure Migrate: Discovery and assessment and Migration and modernization tools to connect privately and securely to Azure Migrate over an Azure ExpressRoute private peering or a site-to-site (S2S) VPN connection by using Private Link.

We recommend the private endpoint connectivity method when there's an organizational requirement to access Azure Migrate and other Azure resources without traversing public networks. By using Private Link, you can use your existing ExpressRoute private peering circuits for better bandwidth or latency requirements.

Before you get started, review the required permissions and the supported scenarios and tools.

Support requirements

Review the following required permissions and the supported scenarios and tools.

Supported geographies

The functionality is now in GA in supported public cloud and government cloud geographies.

Required permissions

You must have Contributor + User Access Administrator or Owner permissions on the subscription.

Supported scenarios and tools

Deployment Details Tools
Discovery and assessment Perform an agentless, at-scale discovery and assessment of your servers running on any platform. Examples include hypervisor platforms such as VMware vSphere or Microsoft Hyper-V, public clouds such as AWS or GCP, or even bare metal servers. Azure Migrate: Discovery and assessment
Software inventory Discover apps, roles, and features running on VMware VMs. Azure Migrate: Discovery and assessment
Dependency visualization Use the dependency analysis capability to identify and understand dependencies across servers.
Agentless dependency visualization is supported natively with Azure Migrate private link support.
Agent-based dependency visualization requires internet connectivity. Learn how to use private endpoints for agent-based dependency visualization.
Azure Migrate: Discovery and assessment
Migration Perform agentless VMware migrations, agentless Hyper-V migrations, or use the agent-based approach to migrate your VMware VMs, Hyper-V VMs, physical servers, VMs running on AWS, VMs running on GCP, or VMs running on a different virtualization provider. Migration and modernization

Other integrated tools

Other migration tools might not be able to upload usage data to the Azure Migrate project if the public network access is disabled. The Azure Migrate project should be configured to allow traffic from all networks to receive data from other Microsoft or external independent software vendor (ISV) offerings.

To enable public network access for the Azure Migrate project, sign in to the Azure portal, go to the Azure Migrate Properties page in the portal, and select No > Save.

Screenshot that shows how to change the network access mode.

Other considerations

Considerations Details
Pricing For pricing information, see Azure Page Blobs pricing and Private Link pricing.
Virtual network requirements The ExpressRoute/VPN gateway endpoint should reside in the selected virtual network or a virtual network connected to it. You might need about 15 IP addresses in the virtual network.
PowerShell support PowerShell isn't supported. We recommend using the Azure portal or REST APIs for leveraging Azure Migrate Private Link support.

Next steps