Introduction
AWS stands for Amazon Web Services. It is a comprehensive, emerging cloud computing platform provided by Amazon that includes a mixture of infrastructure as a service (IaaS), platform as a service (PaaS), and packaged software as a service (SaaS) offerings. AWS professionals can perform various jobs related to cloud computing, database administration, computer security, computer engineering, and computer development.
What is AWS Server Migration Service
AWS Server Migration Service (SMS) is an agentless service that simplifies the migration process by automatically replicating live server volumes from your on-premises servers into AWS. Amazon Machine Images (AMIs) are created automatically from the replicated volumes and can be launched as Amazon EC2 instances. Working with AMIs, you can quickly test and update your cloud-based images before deploying them in production. SMS migrates live running server instances from VMware, Hyper-V, and Microsoft Azure environments.
Security in AWS Server Migration Service
Security is a shared responsibility between AWS and you.
- Security of the cloud – AWS is in charge of protecting the infrastructure that runs AWS services in the AWS Cloud. AWS also provides you with services that you can use securely. Third-party auditors verify the effectiveness of this security as part of the AWS Compliance Programs.
- Security in the cloud – Your responsibility is determined by the AWS service that you use. You are also responsible for factors like the sensitivity of your data, your company’s requirements, and applicable laws and regulations.
Data protection in AWS SMS
AWS is in charge of protecting the global infrastructure that runs all of the AWS Cloud, while you are responsible for the content hosted on this infrastructure, including the security configuration and management tasks for the AWS services. For data protection purposes, you should protect your AWS account credentials and set up individual user accounts with AWS Identity and Access Management (IAM). It is recommended that you secure your data in the following ways:
- Use multi-factor authentication with each account.
- Set up API and user activity logging with AWS CloudTrail.
- Use SSL/TLS to communicate with AWS resources. TLS 1.2 or later is recommended.
- Use advanced security services like Amazon Macie, which assists in discovering and securing personal data.
- Use AWS encryption solutions and all default security controls within AWS services.
- If you require FIPS 140-2 validated cryptographic modules when accessing AWS through a command-line interface or an API, use a FIPS endpoint.
- Do not put confidential information, like your customers' email addresses, into tags or free-form fields such as a Name field.
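One way to check the multi-factor authentication recommendation above, as an added example that is not part of the original article: the script reads an IAM credential report (the CSV that IAM generates for an account) and lists identities that can sign in to the console without MFA, plus any active root access keys. The sample rows, the account ID and the user names (including `sms-connector`) are constructed for illustration.

```python
import csv
import io

# Constructed sample in the column layout of an IAM credential report
# (only the columns this check reads; a real report has more).
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false,false
bob,arn:aws:iam::111122223333:user/bob,true,false,true,false
sms-connector,arn:aws:iam::111122223333:user/sms-connector,false,false,true,false
"""

ROOT = "<root_account>"  # name of the root row in a credential report


def audit_credential_report(report_csv):
    """Return a sorted list of (user, finding) tuples for a credential report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == ROOT
        has_password = row.get("password_enabled", "").lower() == "true"
        has_mfa = row.get("mfa_active", "").lower() == "true"
        # The root row reports password_enabled as "not_supported", so treat
        # root as always able to sign in interactively.
        if (is_root or has_password) and not has_mfa:
            findings.append((user, "console sign-in without MFA"))
        # Active root access keys work against the advice to use
        # individual IAM user accounts instead of the account credentials.
        if is_root and any(
            row.get(col, "").lower() == "true"
            for col in ("access_key_1_active", "access_key_2_active")
        ):
            findings.append((user, "root account has an active access key"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

Users without a console password, such as the constructed `sms-connector` identity, are not flagged for MFA because they cannot sign in interactively.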
Service-linked roles for AWS SMS
AWS Server Migration Service uses a service-linked role for the permissions required to call other AWS services on your behalf. Before the service-linked role for AWS SMS was introduced, you had to create two IAM roles to grant AWS SMS the permissions it needs. These roles are no longer needed to use AWS SMS. However, they are documented here for completeness.
Resilience in AWS SMS
The AWS global infrastructure is built around AWS Regions and Availability Zones. AWS Regions provide multiple isolated Availability Zones connected through high-throughput, low-latency, and highly redundant networking. With Availability Zones, you can design and operate applications and databases that automatically fail over between zones without interruption.