NEW - You can now accelerate your migration and modernization with AWS Transform. Read [Getting Started](https://docs.aws.amazon.com/transform/latest/userguide/getting-started.html) in the *AWS Transform User Guide*. # Manage your MGN Connectors MGN Connectors management The MGN Connectors page lists all the installed MGN connectors, providing a quick overview of your MGN connectors and their status and allowing you to quickly perform actions. ## Introduction to the MGN connector page The **MGN Connectors** page displays the list of MGN connectors, and supports adding, deleting and editing MGN connectors as well as performing actions using the MGN connectors. The **MGN Connectors** page provides information for each MGN connector, including: + **MGN Connector name** - The unique name for each MGN connector. Additional details of the MGN connector are available in the MGN details page. Click the MGN connector name, to view its details. + **Registered servers** - The number of registered source servers managed by this MGN connector. + **Last seen** - The last time AWS Application Migration Service communicated with the MGN connector. **Topics** + [ ## Introduction to the MGN connector page ](#mgn-connector-list-interacting) + [ # Add MGN connector ](add-connector.md) + [ # Edit connector ](edit-connector.md) + [ # Delete MGN connector ](delete-connector.md) + [ # Register server credentials ](connector-register-server-credentials.md) + [ # Verify source server prerequisites ](connector-verify-prereqs.md) + [ # Install the replication agent ](connector-install-agent.md) + [ # View command history ](connector-view-command-history.md) # Add MGN connector To add an MGN connector, click **Add MGN connector**, to open the Add MGN connector page. Set up your MGN connector by providing the following: + Connector name: The MGN connector name is used to identify the connector. This field is mandatory, and limited to 256 characters. The name must be unique (case-insensitive) per account per Region. + Obtain the SSM hybrid activation parameters (installation key and ID), which is required in order install the SSM agent on the MGN connector. For more information on SSM activation parameters see [here](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-managed-instance-activation.html). + In the SSM hybrid activation set the **AWSApplicationMigrationConnectorManagementRole** in the management account. + Activation setting → select an existing IAM role → **AWSApplicationMigrationConnectorManagementRole** + See the [permissions](mgn-connector-permissions.md) page for the required permissions of **AWSApplicationMigrationConnectorManagementRole**. + Temporary IAM credentials of the **MGNConnectorInstallerRole** role that you created [here](mgn-connector-permissions.md). + Request temporary security credentials [ through AWS STS ](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) through the [AssumeRole API](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html). + [Learn more about how temporary credentials work.](Agent-Related-FAQ.md#temporary-credentials-operation) To download the MGN connector software, use the following commands: + **Download the installer command** - Copy and paste the command into the command prompt of the server you’ve designated for the MGN connector. This will download the AWS MGN installer. + **Copy and paste this command into the command line on your MGN connector** - Copy and paste the command into the command prompt of the same server. This will install the AWS MGN connector software. After the MGN connector is installed it automatically begins communicating with the console and appears in the MGN connectors list. Next, you must register source servers to the MGN connector. You may install multiple MGN connectors to handle large amount of source servers or multiple data centers. Each MGN connector is able to handle up to 500 source servers. AWS MGN supports up to 50 MGN connectors per account per region. The MGN connector installation is facilitated through the SSAF client, which is publicly accessible from the S3 bucket `aws-application-migration-service-{{region}}`. The most recent installer can be found at `/latest/source-automation-client/linux/ssaf-client/`, with a corresponding signature file at `/latest/source-automation-client/linux/ssaf-client/ssaf_client.sig` for binary validation. For user convenience, these technical aspects are handled automatically when using either the console or the SSM document *"AWSMigration-RunSourceServerAction"* to perform the installation. # Edit connector To edit an MGN connector, click **Edit**. When the **Edit MGN connector** page opens, you can modify the MGN connector name and tags. To finalize your changes, click **Save changes**. # Delete MGN connector To delete an MGN connector, click **Delete**. When the **Delete MGN connector** dialog opens, verify that you want to delete the selected MGN connector. Once an MGN connector is uninstalled, it can no longer be used to manage your source servers. **Note** Deleting the MGN connector will disassociate the servers from the MGN connector, but will not delete them from servers inventory. # Register server credentials Once you have the MGN connector set up and ready to use, you can register source servers to the MGN connector. To do so click on the MGN connector name, then click “Register servers“. The servers list contain the source servers that were imported via the import feature or discovered by the agentless replication process. Select the source servers you want to register to the MGN connector. Click the "Register servers with the MGN connector" button. To perform actions on your source server, you must provide source server credentials. Server credentials are stored in AWS Secrets Manager. You can use an existing secret from the AWS Secrets Manager or create a new one. You can create the credentials in the MGN console, by choosing **Register server credentials** from the **Actions** men. + Use existing secret + Using AWS Secrets Manager MGN can use the stored source server credentials and API keys in order to connect to the source machine and perform actions on it. You must specify the secret that stores the source server credentials, using an existing secret. + You may designate the same secret for multiple source servers, if they share the same credentials. + Be sure to add the AWSApplicationMigrationServiceManaged tag to the secret. The value is ignored, and may be left empty. + Create new secret + **Secret name** - Enter a name for your new secret. The name you specify will be saved in AWS Secret Manager. + **Encryption key** - To encrypt, either use the KMS key provided by Secret Manager or create your own customer managed KMS key. + **For Windows servers:** + **Communication protocol** – this is the WinRM connection protocol between the MGN Connector and Source Servers used to install the agents. **Note** Though you can use HTTP, we recommend that you use HTTPS to ensure secure and encrypted communication between the MGN connector and the source servers. Specify either: + **HTTP** + **HTTPS** + **UserName** – A user that is authorized to install the agent and perform actions on the source server. + **Password** – The specific source server's password. + **CertificateAuthority** (Optional) - Include the source server IPs in the certificate's SAN field to enable communication. + **For Linux servers:** + **UserName** – A user that is authorized to install the agent and perform actions on the source server. + **Provide one of the following:** + **Password** – The specific source server's password. + **PrivateKey** – The source server’s private key. + **HostKey** (Optional) – include the host key to validate it during SSH connection. + **Tags** - Secret key-value pairs will be assigned to the new secret. Note that AWSApplicationMigrationServiceManaged tag will also be added. + Here is the structure of the secrets manager entry: ``` { "WinConnectionProtocol":"HTTPS", "WinUserName":"windows_username", "WinPassword":"windows_password", "WinCertificateAuthority":"", "WinCaValidation":false, "LinuxUserName":"linux_username", "LinuxPrivateKey":"linux_private_key", "LinuxHostKey":"linux_host_key", "LinuxHostKeyValidation":false } ``` + **Note** The CA/HostKey validation is turned on by default, indicated by the validation flag being set to true. Provide the CA or HostKey in the json for validation. If you don’t provide it, you must explicitly disable validation by setting the validation flag to false. The key algorithm in HostKey, must be provided in the following format: ``` "HostKey": "algorithm_name thumbprint" ``` List of supported algorithms: "ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa", "ssh-dss" # Verify source server prerequisites The **Verify prerequisites** action ensures the AWS replication agent can be installed on each of the source servers. The verification process ensures there’s enough disk space, RAM and CPU for installing the AWS replication agent. # Install the replication agent Following the prerequisite check, you can proceed to **install the replication agent**, to start your migration execution. # View command history After performing an action, you can **view the command history** for information on the command status.