AWS Application Discovery Service is no longer open to new customers. Alternatively, use AWS Transform which provides similar capabilities. For more information, see [AWS Application Discovery Service availability change](https://docs.aws.amazon.com/application-discovery/latest/userguide/application-discovery-service-availability-change.html).

# AWS Application Discovery Agent
Discovery Agent

The AWS Application Discovery Agent (Discovery Agent) is software that you install on on-premises servers and VMs targeted for discovery and migration. Agents capture system configuration, system performance, running processes, and details of the network connections between systems. Agents support most Linux and Windows operating systems, and you can deploy them on physical on-premises servers, Amazon EC2 instances, and virtual machines. 

**Note**  
Before you deploy the Discovery Agent, you must choose a [Migration Hub home Region](https://docs.aws.amazon.com//migrationhub/latest/ug/home-region.html). You must register your agent in your home Region.

The Discovery Agent runs in your local environment and requires root privileges. When you start the Discovery Agent, it connects securely with your home region and registers with Application Discovery Service.
+ For example, if `eu-central-1` is your home Region, it registers `arsenal-discovery.eu-central-1.amazonaws.com` with Application Discovery Service.
+ Or substitute your home Region as needed for all other Regions except us-west-2.
+ If `us-west-2` is your home Region, it registers `arsenal.us-west-2.amazonaws.com` with Application Discovery Service.

## How it works
How it works

After registration, the agent starts collecting data for the host or VM where it resides. The agent pings the Application Discovery Service at 15-minute intervals for configuration information.

The collected data includes system specifications, times series utilization or performance data, network connections, and process data. You can use this information to map your IT assets and their network dependencies. All of these data points can help you determine the cost of running these servers in AWS and also plan for migration.

Data is transmitted securely by the Discovery Agents to Application Discovery Service using Transport Layer Security (TLS) encryption. Agents are configured to upgrade automatically when new versions become available. You can change this configuration setting if desired.

**Tip**  
Before downloading and beginning Discovery Agent installation, be sure to read through all of the required prerequisites in [Prerequisites for Discovery Agent](gen-prep-agents.md)

## Data collected by Discovery Agent
Data collected

AWS Application Discovery Agent (Discovery Agent) is software that you install on on-premises servers and VMs. Discovery Agent collects system configuration, times series utilization or performance data, process data, and Transmission Control Protocol (TCP) network connections. This section describes the data that's collected.

**Table legend for Discovery Agent collected data:**
+ The term host refers to either a physical server or a VM.
+ Collected data is in measurements of kilobytes (KB) unless stated otherwise.
+ Equivalent data in the Migration Hub console is reported in megabytes (MB).
+ The polling period is in intervals of approximately 15 seconds and is sent to AWS every 15 minutes.
+ Data fields denoted with an asterisk (\$1) are only available in the `.csv` files that are produced from the agent's API export function.


| Data field | Description | 
| --- | --- | 
| agentAssignedProcessId\$1 | Process ID of processes discovered by the agent | 
| agentId | Unique ID of agent | 
| agentProvidedTimeStamp\$1 | Date and time of agent observation (mm/dd/yyyy hh:mm:ss am/pm) | 
| cmdLine\$1 | Process entered at the command line | 
| cpuType  | Type of CPU (central processing unit) used in host | 
| destinationIp\$1 | IP address of device to which packet is being sent | 
| destinationPort\$1 | Port number to which the data/request is to be sent | 
| family\$1 | Protocol of routing family | 
| freeRAM (MB)  | Free RAM and cached RAM that can be made immediately available to applications, measured in MB | 
| gateway\$1 | Node address of network | 
| hostName | Name of host data was collected on | 
| hypervisor | Type of hypervisor | 
| ipAddress | IP address of the host | 
| ipVersion\$1 | IP version number | 
| isSystem\$1 | Boolean attribute to indicate if a process is owned by the OS | 
| macAddress  | MAC address of the host | 
| name\$1 | Name of the host, network, metrics, etc. data is being collected for | 
| netMask\$1 | IP address prefix that a network host belongs to | 
| osName  | Operating system name on host | 
| osVersion | Operating system version on host | 
| path | Path of the command sourced from the command line | 
| sourceIp\$1 | IP address of the device sending the IP packet  | 
| sourcePort\$1 | Port number from which the data/request originates from | 
| timestamp\$1 | Date and time of reported attribute logged by agent | 
| totalCpuUsagePct  | Percentage of CPU usage on host during polling period | 
| totalDiskBytesReadPerSecond (Kbps) | Total kilobits read per second across all disks | 
| totalDiskBytesWrittenPerSecond (Kbps) | Total kilobits written per second across all disks  | 
| totalDiskFreeSize (GB) | Free disk space expressed in GB | 
| totalDiskReadOpsPerSecond | Total number of read I/O operations per second | 
| totalDiskSize (GB) | Total capacity of disk expressed in GB | 
| totalDiskWriteOpsPerSecond | Total number of write I/O operations per second | 
| totalNetworkBytesReadPerSecond (Kbps) | Total amount of throughput of bytes read per second | 
| totalNetworkBytesWrittenPerSecond (Kbps) | Total amount of throughput of bytes written per second | 
| totalNumCores | Total number of independent processing units within CPU | 
| totalNumCpus | Total number of central processing units | 
| totalNumDisks | The number of physical hard disks on a host | 
| totalNumLogicalProcessors\$1 | Total number of physical cores times the number of threads that can run on each core | 
| totalNumNetworkCards | Total count of network cards on server | 
| totalRAM (MB) | Total amount of RAM available on host | 
| transportProtocol\$1 | Type of transport protocol used | 

# Prerequisites for Discovery Agent
Prerequisites

The following are the prerequisites and the tasks that you must perform before you can successfully install the AWS Application Discovery Agent (Discovery Agent). 
+ You must set an [AWS Migration Hub home region](https://docs.aws.amazon.com//migrationhub/latest/ug/home-region.html) before you begin installing Discovery Agent. 
+ If you have a *1.x* version of the agent installed, it must be removed before installing the latest version.
+ If the host that the agent is being installed on runs Linux, then verify that the host at least supports the Intel i686 CPU architecture (also known as the P6 micro architecture). 
+ Generate [access keys](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_credentials_access-keys.html) needed to install Discovery Agent.
+ Verify that your operating system (OS) environment is supported:
  + **Linux**
    + Amazon Linux 2012.03, 2015.03
    + Amazon Linux 2 (9/25/2018 update and later)
    + Ubuntu 12.04, 14.04, 16.04, 18.04, 20.04
    + Red Hat Enterprise Linux 5.11, 6.10, 7.3, 7.7, 8.1
    + CentOS 5.11, 6.9, 7.3
    + SUSE 11 SP4, 12 SP5, 15 SP5
  + **Windows**
    + Windows Server 2003 R2 SP2
    + Windows Server 2008 R1 SP2, 2008 R2 SP1
    + Windows Server 2012 R1, 2012 R2
    + Windows Server 2016
    + Windows Server 2019
    + Windows Server 2022
+ If outbound connections from your network are restricted, you'll need to update your firewall settings. Agents require access to `arsenal` over TCP port 443. They don't require any inbound ports to be open.

  For example, if your home Region is `eu-central-1`, you'd use `https://arsenal-discovery.eu-central-1.amazonaws.com:443`
+ Access to Amazon S3 in your home region is required for auto-upgrade to function.
+ Create an AWS Identity and Access Management (IAM) user in the console and attach the existing `AWSApplicationDiscoveryAgentAccess` IAM managed policy. This policy allows the user to perform necessary agent actions on your behalf. For more information about managed policies, see [AWS managed policies for AWS Application Discovery Service](security-iam-awsmanpol.md). 
+ Check the time skew from your Network Time Protocol (NTP) servers and correct if necessary. Incorrect time synchronization causes the agent registration call to fail.

**Note**  
The Discovery Agent has a 32-bit agent executable, which works on 32-bit and 64-bit operating systems. The number of installation packages needed for deployment is reduced by having a single executable. This executable agent works for Linux and for Windows OS. It is addressed in their respective installation sections that follow.

# Installing Discovery Agent
Installing Discovery Agent

This page covers how to install the Discovery Agent on Linux and Microsoft Windows.

## Install Discovery Agent on Linux
Install on Linux

Complete the following procedure on Linux. Be sure that your [Migration Hub home region](https://docs.aws.amazon.com//migrationhub/latest/ug/home-region.html) has been set before you begin this procedure.

**Note**  
If you are using a non-current Linux version, see [Considerations with older Linux platforms](#old_linux).<a name="linux_steps"></a>

**To install AWS Application Discovery Agent in your data center**

1. Sign in to your Linux-based server or VM and create a new directory to contain your agent components.

1. Switch to the new directory and download the installation script from either the command line or the console.

   1. To download from the command line, run the following command.

      ```
      curl -o ./aws-discovery-agent.tar.gz https://s3.region.amazonaws.com/aws-discovery-agent.region/linux/latest/aws-discovery-agent.tar.gz
      ```

   1. To download from the Migration Hub console, do the following: 

      1. Sign in to the AWS Management Console and open the Migration Hub console at [https://console.aws.amazon.com/migrationhub/](https://console.aws.amazon.com/migrationhub/). 

      1. In the left navigation page, under **Discover**, choose **Tools**.

      1. In the **AWS Discovery Agent** box, choose **Download agents**, then choose **Download for Linux**. Your download begins immediately.

1. Verify the cryptographic signature of the installation package with the following three commands:

   ```
   curl -o ./agent.sig https://s3.region.amazonaws.com/aws-discovery-agent.region/linux/latest/aws-discovery-agent.tar.gz.sig
   ```

   ```
   curl -o ./discovery.gpg https://s3.region.amazonaws.com/aws-discovery-agent.region/linux/latest/discovery.gpg
   ```

   ```
   gpg --no-default-keyring --keyring ./discovery.gpg --verify agent.sig aws-discovery-agent.tar.gz
   ```

   The agent public key (`discovery.gpg`) fingerprint is `7638 F24C 6717 F97C 4F1B 3BC0 5133 255E 4DF4 2DA2`.

1. Extract from the tarball as shown following.

   ```
   tar -xzf aws-discovery-agent.tar.gz
   ```

1. To install the agent, choose one of the following installation methods.    
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/application-discovery/latest/userguide/install.html)

1. If outbound connections from your network are restricted, you'll need to update your firewall settings. Agents require access to `arsenal` over TCP port 443. They don't require any inbound ports to be open.

   For example, if your home Region is `eu-central-1`, you'd use `https://arsenal-discovery.eu-central-1.amazonaws.com:443`

### Considerations with older Linux platforms


Some older Linux platforms such as SUSE 10, CentOS 5, and RHEL 5 are either at end of life or only minimally supported. These platforms can suffer from out-of-date cipher suites that prevent the agent update script from downloading installation packages. 

**Curl**  
The Application Discovery agent requires `curl` for secure communications with the AWS server. Some old versions of `curl` are not able to communicate securely with a modern web service.   
To use the version of `curl` included with the Application Discovery agent for all operations, run the installation script with the `-c true` parameter. 

**Certificate Authority Bundle**  
Older Linux systems might have an out-of-date Certificate Authority (CA) bundle, which is critical to secure internet communication.   
To use the CA bundle included with the Application Discovery agent for all operations, run the installation script with the `-b true` parameter.

These installation script options can be used together. In the following example command, both of the script parameters are passed to the installation script: 

```
sudo bash install -r your-home_region -k aws-access-key-id -s aws-secret-access-key -c true -b true
```

 

## Install Discovery Agent on Microsoft Windows
Install on Microsoft Windows

Complete the following procedure to install an agent on Microsoft Windows. Be sure that your [Migration Hub home region](https://docs.aws.amazon.com//migrationhub/latest/ug/home-region.html) has been set before you begin this procedure.<a name="windows_steps"></a>

**To install AWS Application Discovery Agent in your data center**

1. Download the [Windows agent installer](https://s3.us-west-2.amazonaws.com/aws-discovery-agent.us-west-2/windows/latest/AWSDiscoveryAgentInstaller.exe) *but do not double-click to run the installer within Windows*.
**Important**  
Do not double-click to run the installer within Windows as it will fail to install. *Agent installation only works from the command prompt*. (If you already double-clicked on the installer, you must go to **Add/Remove Programs** and uninstall the agent before continuing on with the remaining installation steps.)   
If the Windows agent installer doesn't detect any version of the Visual C\$1\$1 x86 runtime on the host, it automatically installs the Visual C\$1\$1 x86 2015–2019 runtime before installing the agent software.

1. Open a command prompt as an administrator and navigate to the location where you saved the installation package.

1. To install the agent, choose one of the following installation methods.    
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/application-discovery/latest/userguide/install.html)

1. If outbound connections from your network are restricted, you must update your firewall settings. Agents require access to `arsenal` over TCP port 443. They don't require any inbound ports to be open.

   For example, if your home Region is `eu-central-1`, you'd use the following: `https://arsenal-discovery.eu-central-1.amazonaws.com:443`

### Package signing and automatic upgrades


For Windows Server 2008 and later, Amazon cryptographically signs the Application Discovery Service agent installation package with an SHA256 certificate. For SHA2-signed autoupdates on Windows Server 2008 SP2, ensure that hosts have a hotfix installed to support SHA2 signature authentication. Microsoft's latest support [hotfix](https://support.microsoft.com/en-us/topic/update-to-add-sha-2-code-signing-support-for-windows-server-2008-sp2-f120e4d0-da06-6860-3610-59c5cd0b7cd2) helps support SHA2 authentication on Windows Server 2008 SP2. 



**Note**  
The hotfixes for SHA256 support for Windows 2003 are no longer publicly available from Microsoft. If these fixes are not already installed in your Windows 2003 host, manual upgrades are necessary.

**To perform upgrades manually**

1. Download the [Windows Agent Updater](https://s3.us-west-2.amazonaws.com/aws-discovery-agent.us-west-2/windows/latest/AWSDiscoveryAgentUpdater.exe).

1. Open command prompt as an administrator.

1. Navigate to the location where the updater was saved.

1. Run the following command.

   ```
   AWSDiscoveryAgentUpdater.exe /Q
   ```

# Managing the Discovery Agent process


 This page covers how to manage the Discovery Agent on Linux and Microsoft Windows.

## Manage the Discovery Agent process on Linux
Manage the process on Linux

You can manage the behavior of the Discovery Agent at the system level using the `systemd`, `Upstart`, or `System V init` tools. The following tabs outline the commands for the supported tasks in each of the respective tools.

------
#### [ systemd ]


**Management Commands for the Application Discovery Agent**  

| Task | Command | 
| --- | --- | 
| Verify that an agent is running |  `sudo systemctl status aws-discovery-daemon.service`   | 
| Start an agent |  `sudo systemctl start aws-discovery-daemon.service`   | 
| Stop an agent |  `sudo systemctl stop aws-discovery-daemon.service`   | 
| Restart an agent |  `sudo systemctl restart aws-discovery-daemon.service`   | 

------
#### [ Upstart ]


**Management commands for the Application Discovery Agent**  

| Task | Command | 
| --- | --- | 
| Verify that an agent is running |  `sudo initctl status aws-discovery-daemon`   | 
| Start an agent |  `sudo initctl start aws-discovery-daemon`   | 
| Stop an agent |  `sudo initctl stop aws-discovery-daemon`   | 
| Restart an agent |  `sudo initctl restart aws-discovery-daemon`   | 

------
#### [ System V init ]


**Management commands for the Application Discovery Agent**  

| Task | Command | 
| --- | --- | 
| Verify that an agent is running |  `sudo /etc/init.d/aws-discovery-daemon status`   | 
| Start an agent |  `sudo /etc/init.d/aws-discovery-daemon start`   | 
| Stop an agent |  `sudo /etc/init.d/aws-discovery-daemon stop`   | 
| Restart an agent |  `sudo /etc/init.d/aws-discovery-daemon restart`   | 

------

## Manage the Discovery Agent process on Microsoft Windows
Manage the process on Microsoft Windows

You can manage the behavior of the Discovery Agent at the system level through the Windows Server Manager Services console. The following table describes how.


| Task | Service Name | Service Status/Action | 
| --- | --- | --- | 
| Verify that an agent is running |  AWS Discovery Agent AWS Discovery Updater  | Started | 
| Start an agent |  AWS Discovery Agent AWS Discovery Updater  | Choose Start | 
| Stop an agent |  AWS Discovery Agent AWS Discovery Updater  | Choose Stop | 
| Restart an agent |  AWS Discovery Agent AWS Discovery Updater  | Choose Restart | 

# Uninstalling Discovery Agent
Uninstalling Discovery Agent

This page covers how to uninstall the Discovery Agent on Linux and Microsoft Windows.

## Uninstall Discovery Agent on Linux
Uninstall on Linux

This section describes how to uninstall Discovery Agent on Linux.

**To uninstall an agent if you're using the yum package manager**
+ Use the following command to uninstall an agent if using yum.

  ```
  rpm -e --nodeps aws-discovery-agent
  ```

**To uninstall an agent if you're using the apt-get package manager**
+ Use the following command to uninstall an agent if using apt-get.

  ```
  apt-get remove aws-discovery-agent:i386
  ```

**To uninstall an agent if you're using the zypper package manager**
+ Use the following command to uninstall an agent if using zypper.

  ```
  zypper remove aws-discovery-agent
  ```

## Uninstall Discovery Agent on Microsoft Windows
Uninstall on Microsoft Windows

This section describes how to uninstall Discovery Agent on Microsoft Windows.

**To uninstall a discovery agent on Windows**

1. Open the Control Panel in Windows.

1. Choose **Programs**.

1. Choose **Programs and Features**.

1. Select **AWS Discovery Agent**.

1. Choose **Uninstall**.

   
**Note**  
If you choose to reinstall the agent after uninstalling it, run the following command with the `/repair` and `/norestart` options.  

   ```
   .\AWSDiscoveryAgentInstaller.exe REGION="your-home-region" KEY_ID="aws-access-key-id" KEY_SECRET="aws-secret-access-key" /quiet /repair /norestart
   ```

   

**To uninstall a discovery agent on Windows using the command line**

1. Right-click **Start**.

1. Choose **Command Prompt**.

1. Use the following command to uninstall a discovery agent on Windows. 

   ```
   wmic product where name='AWS Discovery Agent' call uninstall
   ```

**Note**  
If the `.exe` file is present on the server, you can uninstall the agent completely from the server by using the following command. If you use this command to uninstall, you don't need to use the `/repair` and `/norestart` options when you reinstall the agent.  

```
 .\AWSDiscoveryAgentInstaller.exe /quiet /uninstall
```

# Starting and stopping Discovery Agent data collection
Starting and stopping data collection

After the Discovery Agent is deployed and configured, if data collections stops you can restart it. You can start or stop data collection through the console by following the steps in [Starting and stopping data collectors in the AWS Migration Hub consoleStarting and stopping data collectors](start-stop-data_collection.md), or by making API calls through the AWS CLI. Before starting be sure to generate [access keys](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_credentials_access-keys.html) needed to manage the Discovery Agent.

**To install the AWS CLI and start or stop data collection**

1. If you have not already done so, install the AWS CLI appropriate to your OS type (Windows or Mac/Linux). See the [AWS Command Line Interface User Guide](https://docs.aws.amazon.com/cli/latest/userguide/) for instructions.

1. Open the Command prompt (Windows) or Terminal (MAC/Linux).

   1. Type `aws configure` and press Enter.

   1. Enter your AWS Access Key ID and AWS Secret Access Key.

   1. Enter your home Region for the Default Region Name, for example *`us-west-2`*. (We are assuming that `us-west-2` is your home Region in this example.)

   1. Enter `text` for Default Output Format.

1. To find the ID of the agent you want to stop or start data collection for, type the following command:

   ```
   aws discovery describe-agents
   ```

1. To start data collection by the agent, type the following command:

   ```
   aws discovery start-data-collection-by-agent-ids --agent-ids <agent ID>
   ```

   To stop data collection by the agent, type the following command:

   ```
   aws discovery stop-data-collection-by-agent-ids --agent-ids <agent ID>
   ```

   

# Troubleshooting Discovery Agent


This page covers troubleshooting the Discovery Agent on Linux and Microsoft Windows.

## Troubleshooting Discovery Agent on Linux


If you encounter problems while installing or using the Discovery Agent on Linux, consult the following guidance about logging and configuration. When helping to troubleshoot potential issues with the agent or its connection to the Application Discovery Service, AWS Support often requests these files.
+ **Log files**

  Log files for Discovery Agent are located in the following directory. 

  ```
  /var/log/aws/discovery/
  ```

  Log files are named to indicate whether they are generated by the main daemon, the automatic upgrader, or the installer.

   
+ **Configuration files**

  Configuration files for Discovery Agent version 2.0.1617.0 or newer are located in the following directory.

  ```
  /etc/opt/aws/discovery/
  ```

  Configuration files for versions of Discovery Agent before 2.0.1617.0 are located in the following directory.

  ```
  /var/opt/aws/discovery/
  ```
+ For instructions on how to remove older versions of the Discovery Agent, see [Prerequisites for Discovery Agent](gen-prep-agents.md).

## Troubleshooting Discovery Agent on Microsoft Windows


If you encounter problems while installing or using the AWS Application Discovery Agent on Microsoft Windows, consult the following guidance about logging and configuration. AWS Supportoften requests these files when helping to troubleshoot potential issues with the agent or its connection to the Application Discovery Service.
+ **Installation logging** 

  In some cases, the agent install command appears to fail. For example, a failure can appear with the Windows Services Manager showing that the discovery services are not being created. In this case, add **/log install.log** to the command to generate a verbose installation log.
+  **Operational logging** 

  On Windows Server 2008 and later, agent log files can be found under the following directory.

  ```
  C:\ProgramData\AWS\AWS Discovery\Logs
  ```

  On Windows Server 2003, agent log files can be found under the following directory.

  ```
  C:\Documents and Settings\All Users\Application Data\AWS\AWS Discovery\Logs
  ```

  Log files are named to indicate whether generated by the main service, automatic upgrades, or the installer.

   
+ **Configuration file**

  On Windows Server 2008 and later, the agent configuration file can be found at the following location.

  ```
  C:\ProgramData\AWS\AWS Discovery\config
  ```

  On Windows Server 2003, the agent configuration file can be found at the following location.

  ```
  C:\Documents and Settings\All Users\Application Data\AWS\AWS Discovery\config
  ```
+ For instructions on how to remove earlier versions of the Discovery Agent, see [Prerequisites for Discovery Agent](gen-prep-agents.md).