AWS Migration Hub is no longer open to new customers as of November 7, 2025. For capabilities similar to AWS Migration Hub, explore [AWS Transform](https://aws.amazon.com/transform).

# Getting started with Strategy Recommendations
<a name="getting-started"></a>

This section describes how to get started with Migration Hub Strategy Recommendations.

**Topics**
+ [Prerequisites](getting-started-prerequisites.md)
+ [Step 1: Download the collector](getting-started-dowmload-collector.md)
+ [Step 2: Deploy the collector](getting-started-deploy.md)
+ [Step 3: Sign in to the collector](getting-started-login-vm.md)
+ [Step 4: Set up the collector](getting-started-collector-setup.md)
+ [Step 5: Get recommendations](getting-started-get-recommendations.md)

# Prerequisites for Strategy Recommendations
<a name="getting-started-prerequisites"></a>

The following are the prerequisites for using Migration Hub Strategy Recommendations.
+ You must have one or more AWS accounts, and users set up for these accounts. For more information, see [Setting up Strategy Recommendations](setting-up.md).
+ The Strategy Recommendations application data collector client must be able to collect data remotely from servers. This requires that you use a set of credentials that work for all your Windows servers and a set of credentials that work for all of your Linux servers. The credentials must have permissions to create and delete directories in your servers. 
+ The version of the collector that is deployed in vCenter supports VMware vCenter Server V6.0, V6.5, 6.7 or 7.0. 

  You can also deploy the collector in an Amazon EC2 instance using the collector AMI.
+ Verify that your operating system (OS) environment is supported:
  + **Linux**
    + Amazon Linux 2012.03, 2015.03
    + Amazon Linux 2 (9/25/2018 update and later)
    + Ubuntu 12.04, 14.04, 16.04, 18.04, 20.04
    + Red Hat Enterprise Linux 5.11, 6.10, 7.3, 7.7, 8.1
    + CentOS 5.11, 6.9, 7.3
    + SUSE 11 SP4, 12 SP5
  + **Windows**
    + Windows Server 2008 R1 SP2, 2008 R2 SP1
    + Windows Server 2012 R1, 2012 R2
    + Windows Server 2016
    + Windows Server 2019
+ For source code analysis, your GitHub and GitHub Enterprise repositories must have a personal access token with the **repo** scope that can be shared with the Strategy Recommendations collector client. For more information about creating a personal access token with the **repo** scope, see [ Creating a personal access token](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token) in the *GitHub Docs*. 

  To analyze .NET repositories for Porting Assistant for .NET recommendations, you must provide a Windows machine that is set up with the Porting Assistant for .NET porting assessment tool. For more information, see [Getting started with Porting Assistant for .NET](https://docs.aws.amazon.com/portingassistant/latest/userguide/porting-assistant-getting-started.html) in the *Porting Assistant for .NET User Guide*. 
+ To enable Strategy Recommendations for database analysis, you must enter credentials in AWS Secrets Manager. For more information, see [Strategy Recommendations database analysis](database-analysis.md).
+ 

  You must use AWS Application Discovery Service to collect data about your servers and applications in the AWS Migration Hub console before using Strategy Recommendations. You can use one of the following methods to collect the data. 
  + **Migration Hub import** – With Migration Hub import, you can import information about your on-premises servers and applications into Migration Hub. For more information, see [Migration Hub Import](https://docs.aws.amazon.com/application-discovery/latest/userguide/discovery-import.html) in the *Application Discovery Service User Guide*. 
  + **AWS Application Discovery Service Agentless Collector** – The Agentless Collector is a VMware appliance that collects information about VMware virtual machines (VMs). For more information, see [Agentless Collector](https://docs.aws.amazon.com/application-discovery/latest/userguide/agentless-collector.html) in the *Application Discovery Service User Guide*.
  + **AWS Application Discovery Agent** – The Discovery Agent is AWS software that you install on your on-premises servers and VMs to capture system information and details of the network connections between systems. For more information, see [AWS Application Discovery Agent](https://docs.aws.amazon.com/application-discovery/latest/userguide/discovery-agent.html) in the *Application Discovery Service User Guide*.
+ **Strategy Recommendations data collector **– If your servers are hosted in VMware vCenter, and you provide access, Strategy Recommendations can automatically fetch your server inventory. The Strategy Recommendations console will use the collected information to assist with the assessment.

**Note**  
 To verify that the Migration Hub import completed successfully, in the Migration Hub console navigation pane, under **Discover**, choose **Servers**. All the imported servers should be listed.   

![\[This is an image of the Migration Hub console Servers list page.\]](http://docs.aws.amazon.com/migrationhub-strategy/latest/userguide/images/optimus-ads-server-list.png)


## Next
<a name="getting-started-prerequisites-next"></a>

 [Step 1: Download the Strategy Recommendations collector](getting-started-dowmload-collector.md) 

# Step 1: Download the Strategy Recommendations collector
<a name="getting-started-dowmload-collector"></a>

Migration Hub Strategy Recommendations application data collector is a virtual appliance that you can install in your on-premises VMware environment. The Strategy Recommendations application data collector is also available as an Amazon Machine Image (AMI). If you want to use the AMI version of the collector to assess AWS applications or for some other reason, you don't need to download the collector. You can skip this section and go to [Deploy the Strategy Recommendations collector in an Amazon EC2 instance](getting-started-deploy.md#getting-started-deploy-ec2).

This section describes how to download the collector Open Virtualization Archive (OVA) file that you use to deploy the collector as a virtual machine (VM) in your VMware environment.

**To download the collector OVA file**

1. Using the AWS account that you created in [Setting up Strategy Recommendations](setting-up.md), sign in to the AWS Management Console and open the Migration Hub console at [https://console.aws.amazon.com/migrationhub/](https://console.aws.amazon.com/migrationhub/).

1. In the Migration Hub console navigation pane, choose **Strategy**.

1. On the **Migration Hub Strategy Recommendations** page, choose **Download data collector**.

1. Optionally, you can choose **Download the import template** if you want to import application data. For more information about importing data, see [Importing data into Strategy Recommendations](importing-data.md). 

1. Click on **Get recommendations** button and choose **Agree** to allow Migration Hub to create a service-linked role (SLR) in your account. When setting up Strategy Recommendations for the first time, you must create the SLR. For more information, see [Using service-linked roles for Strategy Recommendations](using-service-linked-roles.md).

## Next step
<a name="getting-started-dowmload-collector-next"></a>

 [Step 2: Deploy the Strategy Recommendations collector](getting-started-deploy.md) 

# Step 2: Deploy the Strategy Recommendations collector
<a name="getting-started-deploy"></a>

This section describes how to deploy the Strategy Recommendations application data collector. An application data collector is an agentless data collector that identifies running applications on your servers, performs source code analysis, and analyzes your databases.

**Note**  
The Strategy Recommendations for On-prem customers is in KTLO mode. Existing customers can continue to use it.

There are two ways to deploy the collector:
+ Deploy as a virtual machine (VM) in your VMware vCenter Server. For more information, see [Deploy the Strategy Recommendations collector in vCenter](#getting-started-deploy-vm). 
+ If you have AWS applications that you want to assess, you can use the Strategy Recommendations collector Amazon Machine Image (AMI). For more information, see [Deploy the Strategy Recommendations collector in an Amazon EC2 instance](#getting-started-deploy-ec2). 

## Deploy the Strategy Recommendations collector in vCenter
<a name="getting-started-deploy-vm"></a>

Migration Hub Strategy Recommendations application data collector is a virtual appliance that you can install in your on-premises VMware environment. This section describes how to deploy the collector Open Virtualization Archive (OVA) file as a virtual machine (VM) in your VMware environment.

The following procedure describes how to deploy the Strategy Recommendations collector in your VMware vCenter Server environment.

**To deploy the collector in vCenter**

1. Sign in to vCenter as a VMware administrator.

1. Deploy the OVA file that you downloaded in Step 1. The OVA file includes the collector and a CLI that can be used to access the Strategy Recommendations API.

   You can also download the OVA file from the following link:

   [https://application-data-collector-release.s3.us-west-2.amazonaws.com/ova/latest/AWSMHubApplicationDataCollector.ova](https://application-data-collector-release.s3.us-west-2.amazonaws.com/ova/latest/AWSMHubApplicationDataCollector.ova) 

We recommend the following specifications for the VM.

**Strategy Recommendations collector VM specifications**
+ **RAM** – a minimum of 8 GB
+ **CPUs** – at least 4

**Note**  
To ensure that you are using the latest version of the collector with all the new features and bug fixes, upgrade the collector after you deploy the collector OVA file. For instructions about how to upgrade, see [Upgrading the Strategy Recommendations collector](application-data-collector.md#upgrade-collector). 

## Deploy the Strategy Recommendations collector in an Amazon EC2 instance
<a name="getting-started-deploy-ec2"></a>

If you have AWS applications that you would like to assess, you can use the Strategy Recommendations application data collector Amazon Machine Image (AMI). 

The following procedure describes how to launch an Amazon EC2 instance from the collector AMI.

**To deploy the collector Amazon EC2 instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation bar at the top of the screen, the current Region is displayed (for example, US East (Ohio)). Choose a Region that suits your needs from the Regions that Strategy Recommendations uses. For a list of these Regions, see [Strategy Recommendations endpoints](https://docs.aws.amazon.com/general/latest/gr/migrationhubstrategy.html) in the *AWS General Reference*.

1. In the navigation pane, under **Images** choose **AMIs**.

1. Choose **Public images** from the **Owned by me** dropdown.

1. Choose the search bar and select **AMI Name** from the menu. 

1. Enter the name **AWSMHubApplicationDataCollector**.

1. To ensure that the AMI is from a secure source, verify that the owner of the account is **703163444405**.

1. To launch an instance from this AMI, select it, and then choose **Launch**. For more information about launching an instance using the console, see [Launching your instance from an AMI](https://docs.aws.amazon.com//AWSEC2/latest/UserGuide/launching-instance.html#choose-an-instance-type-page) in the *Amazon EC2 User Guide*.

   We recommend the following specifications for the Amazon EC2 instance.

**Strategy Recommendations collector Amazon EC2 instance specifications**
   + **RAM** – A minimum of 8 GB
   + **CPUs** – At least 4

The Strategy Recommendations AMI includes the collector and a CLI that can be used to access the Strategy Recommendations API.

**Note**  
To ensure that you are using the latest version of the collector with all the new features and bug fixes, upgrade the collector after you deploy the Strategy Recommendations collector as an Amazon EC2 instance. For instructions about how to upgrade, see [Upgrading the Strategy Recommendations collector](application-data-collector.md#upgrade-collector).

## Next step
<a name="getting-started-deploy-next"></a>

 [Step 3: Sign in to the Strategy Recommendations collector](getting-started-login-vm.md) 

# Step 3: Sign in to the Strategy Recommendations collector
<a name="getting-started-login-vm"></a>

This section describes how to sign in to the deployed Migration Hub Strategy Recommendations application data collector. How you sign in to the collector depends on how you deployed it.
+  [Sign in to the collector deployed in the vCenter based environment](#getting-started-login-vcenter)
+ [Sign in to the collector deployed as an Amazon EC2 instance](#getting-started-login-ec2)

## Sign in to the collector deployed in the vCenter based environment
<a name="getting-started-login-vcenter"></a>

**To sign in to the Strategy Recommendations collector deployed in the vCenter based environment**

1. Use the following command to connect to the collector using an SSH client.

   ```
   ssh ec2-user@CollectorIPAddress
   ```

1. When prompted for a password, enter the default password **aq1@WSde3**. You must change the password the first time you sign in.

## Sign in to the collector deployed as an Amazon EC2 instance
<a name="getting-started-login-ec2"></a>

**To sign in to the Strategy Recommendations collector deployed as an Amazon EC2 instance**
+ Use the following command to connect to the collector using an SSH client.

  ```
  ssh -i "Keyname.pem" ec2-user@CollectorIPAddress
  ```

  Keyname.pem is the private key that was generated when you launched the Amazon EC2 instance from the collector AMI.

## Next step
<a name="getting-started-login-vm-next"></a>

 [Step 4: Set up the Strategy Recommendations collector](getting-started-collector-setup.md) 

# Step 4: Set up the Strategy Recommendations collector
<a name="getting-started-collector-setup"></a>

This section describes how to use the command line `collector setup` commands to configure the Migration Hub Strategy Recommendations application data collector. These configurations are stored locally.

Before you can use `collector setup` commands, you must create a bash shell session in the collector Docker container using the following `docker exec` command.

```
docker exec -it application-data-collector bash
```

The `collector setup` command runs all of the following commands in succession but you can run them individually:
+ `collector setup --aws-configurations` – Set up AWS configurations.
+ `collector setup --vcenter-configurations` – Set up vCenter configurations.
**Note**  
vCenter configuration setup is only available if the collector is hosted on vCenter. However, you can force vCenter configuration setup by using the command `collector setup --vcenter-configurations`.
+ `collector setup --remote-server-configurations` – Set up remote server configurations.
+ `collector setup --version-control-configurations` – Set up version control configurations.

**To set up all the collector configurations at the same time**

1. Enter the following command.

   ```
   collector setup
   ```

1. Enter the information for AWS configurations as described in [Set up AWS configurations](#cli-collector-setup-aws-config).

1. Enter the information for vCenter configurations as described in [Set up vCenter configurations](#cli-collector-setup-vcenter-config).

1. Enter the information for remote server configurations as described in [Set up remote server configurations](#cli-collector-setup-remote-server-config).

1. Enter the information for version control configurations as described in [Set up version control configurations](#cli-collector-setup-git-source-config).

1. Prepare your Windows and Linux servers for collector data collection by following the instructions in [Prepare your remote Windows and Linux servers for data collectionPrepare your remote servers for data collection](#cli-collector-setup-remote-servers).

## Set up AWS configurations
<a name="cli-collector-setup-aws-config"></a>

To set up AWS configurations, when using the `collector setup` command or the `collector setup --aws-configurations` command.

1. Enter **Y** for yes to the **Have you setup IAM permissions...** question. You set up these permissions when you created a user to access the collector using the `AWSMigrationHubStrategyCollector` managed policy following the steps in [Strategy Recommendations users and roles](setting-up.md#setting-up-iam-non-admin).

1. Enter your access key and secret key from the AWS account that has the user that you created to access the collector following the steps in [Strategy Recommendations users and roles](setting-up.md#setting-up-iam-non-admin).

1. Enter a Region, for example, `us-west-2`. Choose a Region that suits your needs from the Regions that Strategy Recommendations uses. For a list of these Regions, see [Strategy Recommendations endpoints](https://docs.aws.amazon.com/general/latest/gr/migrationhubstrategy.html) in the *AWS General Reference*.

1. Enter **Y** for yes to the **Upload collector related metrics to migration hub strategy service?** question. Metrics information helps AWS provide you with appropriate support.

1. Enter **Y** for yes to the **Upload collector related logs to migration hub strategy service?** question. Information from logs helps AWS provide you with appropriate support.

The following example shows what is displayed, including example entries for the AWS configurations.

```
Have you setup IAM permissions in you AWS account as per the user guide? [Y/N]: Y
Choose one of the following options for providing user credentials:
1. Long term AWS credentials
2. Temporary AWS credentials
Enter your options [1-2]: 2
AWS session token: 
AWS access key ID [None]: 
AWS secret access Key [None]: 
AWS region name [us-west-2]: 
AWS configurations are saved successfully
Upload collector related metrics to migration hub strategy service? By default collector will upload metrics. [Y/N]: Y
Upload collector related logs to migration hub strategy service? By default collector will upload logs. [Y/N]: Y
Application data collector configurations are saved successfully
Start registering application data collector
Application data collector is registered successfully.
```

## Set up vCenter configurations
<a name="cli-collector-setup-vcenter-config"></a>



To set up vCenter configurations, when using the `collector setup` command or the `collector setup --vcenter-configurations` command:

1. Enter **Y** for yes to the **Would you like to authenticate using VMware vCenter credentials** question, if you want to authenticate using VMware vCenter credentials.
**Note**  
Authenticating using VMware vCenter credentials requires that VMware tools are installed on the target servers.

   Enter the **Host Url**, which can be either the vCenter IP address or URL. Then, enter the **Username** and **Password** for VMware vCenter.

1. Enter **Y** for yes to the **Do you have Windows machines managed by VMware vCenter** question, if you want to configure Windows servers.

   Enter the **Username** and **Password** for Windows.
**Note**  
If your Windows Remote Server belongs to an Active Directory domain, you must enter the user name as *domain-name*\$1*username* when using the CLI to provide remote server configurations. For example, if the name of your domain is exampledomain and your user name is Administrator, then the user name you enter in the CLI is **exampledomain\$1Administrator**.

1. Enter **Y** for yes to the **Setup for Linux using VMware vCenter** question, if you want to configure Linux servers.

   Enter the **Username** and **Password** for Linux.

1. Enter **Y** for yes to the **Would you like to setup credentials for servers outside vCenter using NTLM for Windows** and **SSH/Cert based for Linux** questions, if you want to set up remote server credentials for servers outside of vCenter.

1. For the **Would you like to use the same Windows credentials used during vCenter setup** question, enter **Y** for yes if the credentials for the Windows machines managed outside of vCenter are the same as the credentials provided when configuring credentials for vCenter Windows machines. Otherwise, enter **N** for no.

   

   If you answer **Y** for yes, the following questions are asked.

   1. Enter **Y** for yes to the **Are you okay with collector accepting and locally storing server certificates on your behalf during first interaction with windows servers?** question.

   1. Enter **1** for the **Enter your options** question, if you want to configure for SSH authentication.

      If you choose to use SSH authentication, you must copy the generated key credentials to your Linux servers. For more information, see [Set up key-based authentication on Linux servers](#cli-collector-setup-linux-key).

The following example shows what is displayed, including example entries for the VMware vCenter configurations.

```
Your Linux remote server configurations are saved successfully.
collector setup —vcenter-configurations
Start setting up vCenter configurations for remote execution
Note: Authenticating using VMware vCenter credentials requires VMware tools to be installed on the target servers
Would you like to authenticate using VMware vCenter credentials? [Y/N]: y

NOTE: Your vSphere user must have Guest Operations privileges enabled.

Host Url for VMware vCenter: domain-name
Username for VMware vCenter: username
Password for VMware vCenter: password
Reenter password for VMware vCenter: password
Successfully stored vCenter credentials...
Do you have Windows machines managed by VMware vCenter? [Y/N]: y

NOTE: For the best experience, we recommend that you create a new Active Directory user in the Domain Admins group.

Username for Windows (Domain\User): username
Password for Windows: password
Reenter password for Windows: password
Successfully stored windows credentials...
You can verify your setup for vCenter windows machines is correct with "collector diag-check"
Do you have Linux machines managed by VMWare vCenter? [Y/N]: y
Username for Linux: username
Password for Linux: password
Reenter password for Linux: password
Successfully stored linux credentials...
You can verify your setup for vCenter linux machines is correct with "collector diag-check"
Would you like to setup credentials for servers not managed by vCenter using NTLM for windows and SSH/Cert based for Linux? [Y/N]: y
Setting up target server for remote execution:
Would you like to setup credentials for servers not managed by vCenter using NLTM for Windows [Y/N]: y
Would you like to use the same Windows credentials used during vCenter setup? [Y/N]: y
Are you okay with collector accepting and locally storing server certificates on your behalf during first interaction with windows servers? These certificates will be used by collector for secure communication with windows servers [Y/N]: y
Successfully stored windows server credentials...
Please note that all windows server certificates are stored in directory /opt/amazon/application-data-collector/remote-auth/windows/certs

Please note the IP address of the collector and run the script specified in the user documentation on all the windows servers in your inventory
You can verify your setup for remote windows machines is correct with "collector diag-check"
Would you like to setup credentials for servers not managed by vCenter using SSH/Cert based for Linux? [Y/N]: y
Choose one of the following options for remote authentication:
1. SSH based authentication
2. Certificate based authentication
Enter your options [1-2]: 1
Would you like to use the same Linux credentials used during vCenter setup? [Y/N]: y
Generating SSH key on this machine...
Successfully generated SSH key pair

SSH key pair path: /opt/amazon/application-data-collector/remote-auth/linux/keys/id_rsa_assessment
Please add the public key "id_rsa_assessment.pub" to the "$HOME/.ssh/authorized_keys" file in your remote machines.
You can verify your setup for remote linux machines is correct with "collector diag-check
```

## Set up remote server configurations
<a name="cli-collector-setup-remote-server-config"></a>

To set up remote server configurations, when using the `collector setup` command or the `collector setup --remote-server-configurations` command:

1. Enter **Y** for yes to the **Would you like to setup credentials for servers not managed by vCenter using NLTM for Windows** question, if you want to configure Windows servers.

   Enter the **Username** and **Password** for WinRM.
**Note**  
If your Windows Remote Server belongs to an Active Directory domain, you must enter the user name as *domain-name*\$1*username* when using the CLI to provide remote server configurations. For example, if the name of your domain is exampledomain and your user name is Administrator, then the user name you enter in the CLI is **exampledomain\$1Administrator**.

   Enter **Y** for yes to the **Are you okay with collector accepting and locally storing server certificates on your behalf during first interaction with windows servers?** question. Windows Server certificates are stored in the directory `/opt/amazon/application-data-collector/remote-auth/windows/certs`.

   You must copy the generated server credentials to your Windows servers. For more information, see [Set up remote server configuration on Windows servers](#cli-collector-setup-windows).

1. Enter **Y** for yes to the **Setup for Linux using SSH or Cert** question, if you want to configure Linux servers.

1. Enter **1** for the **Enter your options** question, if you want to configure for SSH key based authentication.

   If you choose to use SSH authentication, you must copy the generated key credentials to your Linux servers. For more information, see [Set up key-based authentication on Linux servers](#cli-collector-setup-linux-key).

1. Enter **2** for the **Enter your options** question, if you want to configure for certificate-based authentication.

   For information about setting up certificate-based authentication, see [Set up certificate-based authentication on Linux servers](#cli-collector-setup-linux-certificate). 

   

The following example shows what displayed, including example entries for the remote server configurations.

```
Setting up target server for remote execution
Would you like to setup credentials for servers not managed by vCenter using NLTM for Windows [Y/N]: y

NOTE: For the best experience, we recommend that you create a new Active Directory user in the Domain Admins group.

Username for WinRM (Domain\User): username
Password for WinRM: password
Reenter password for WinRM: password
Are you okay with collector accepting and locally storing server certificates on your behalf during first interaction with windows servers? These certificates will be used by collector for secure communication with windows servers [Y/N]: Y
Successfully stored windows server credentials...
Please note that all windows server certificates are stored in directory /opt/amazon/application-data-collector/remote-auth/windows/certs

Please note the IP address of the collector and run the script specified in the user documentation on all the windows servers in your inventory
Would you like to setup credentials for servers not managed by vCenter using SSH/Cert based for Linux? [Y/N]: Y
Choose one of the following options for remote authentication:
1. SSH based authentication
2. Certificate based authentication
Enter your options [1-2]: 1 
User name for remote server: username
Generating SSH key on this machine...
SSH key pair path: /opt/amazon/application-data-collector/remote-auth/linux/keys/id_rsa_assessment
Please add the public key "id_rsa_assessment.pub" to the "$HOME/.ssh/authorized_keys" file in your remote machines.
Your Linux remote server configurations are saved successfully.
```

## Set up version control configurations
<a name="cli-collector-setup-git-source-config"></a>

To set up version control configurations, when using the `collector setup` command or the `collector setup --version-control-configurations` command:

1. Enter **Y** for yes to the **Set up source code analysis?** question.

1. Enter **1** for the **Enter your options** question, if you want to configure the Git server endpoint.

   Enter **github.com** for the **GIT server endpoint:**.

1. Enter **2** for the **Enter your options** question, if you want to configure a GitHub Enterprise Server.

   Enter the enterprise endpoint without https://, as follows: **GIT server endpoint:** *git-enterprise-endpoint*

1. Enter your Git *username* and personal access *token*.

1. Enter **Y** for yes to the **Do you have any csharp repositories that should be analyzed on a windows machine?** question, if you want to analyze C\$1 code.
**Note**  
To analyze .NET repositories for Porting Assistant for .NET recommendations, you must provide a Windows machine that is set up with the Porting Assistant for .NET porting assessment tool. For more information, see [Getting started with Porting Assistant for .NET](https://docs.aws.amazon.com/portingassistant/latest/userguide/porting-assistant-getting-started.html) in the *Porting Assistant for .NET User Guide*.

1. For the **Would you like to reuse existing windows credentials on this machine?** question. Enter **Y** for yes, if the Windows machine for C\$1 source code analysis uses the same credentials as the credentials previously provided as part of setting up `--remote-server-configurations` or `--vcenter-configurations`.

   Enter **N** for no, if you want to enter new credentials.

1. To use **VMWare vCenter Windows Machine** credentials, enter **1** for **Choose one of the following options for windows credentials**. 

1. Enter the IP address for the Windows machine.

The following example shows what is displayed, including example entries for the version control configurations.

```
Set up for source code analysis [Y/N]: y
Choose one of the following options for version control type:
1. GIT
2. GIT Enterprise
3. Azure DevOps - Git
Enter your options [1-3]: 3
Your server endpoint: dev.azure.com (http://dev.azure.com/)
Your DevOps Organization name: <Your organization name>
Personal access token [None]:
Your version control credentials are saved successfully.
Do you have any csharp repositories that should be analyzed on a windows machine? [Y/N]: y
Would you like to reuse existing windows credentials on this machine? [Y/N]: y
Choose one of the following options for windows credentials:
1. VMWare vCenter Windows Machine
2. Standard Windows Machine
Enter your options [1-2]: 
1
Windows machine IP Address: <Your windows machine IP address>
Using VMWare vCenter Windows Machine credentials
Successfully stored windows server credentials...
```

## Prepare your remote Windows and Linux servers for data collection
<a name="cli-collector-setup-remote-servers"></a>

**Note**  
This step isn’t necessary if you setup the Strategy Recommendations applications data collector using vCenter credentials.

After you set up your remote server configurations, if you are using the `collector setup command` or the `collector setup --remote-server-configurations` command, you must prepare your remote servers so that the Strategy Recommendations applications data collector can collect data from them.

**Note**  
You must make sure that the servers are reachable using their private IP address. For further instructions on how to set up the environment through a virtual private cloud (VPC) on AWS for remote running, see the [Amazon Virtual Private Cloud User Guide](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html). 

To prepare your remote Linux servers, see [Prepare remote Linux servers](#cli-collector-setup-linux).

To prepare your remote Windows servers, see [Set up remote server configuration on Windows servers](#cli-collector-setup-windows).

### Prepare remote Linux servers
<a name="cli-collector-setup-linux"></a>

#### Set up key-based authentication on Linux servers
<a name="cli-collector-setup-linux-key"></a>

If you choose to set up SSH key-based authentication for Linux when configuring remote server configurations, you must perform the following steps to set up key-based authentication on your servers so that data can be collected by the Strategy Recommendations applications data collector.

**To set up key-based authentication on your Linux servers**

1. Copy the public key generated with the name **id\$1rsa\$1assessment.pub** from the following folder in the container:

   **/opt/amazon/application-data-collector/remote-auth/linux/keys**. 

1. Append the copied public key in the `$HOME/.ssh/authorized_keys` file for all the remote machines. If there is no file available, create it using the `touch` or `vim` command.

1. Make sure that the home folder on the remote server has permission level `755` or less. If it's `777`, it won't work. You can use the `chmod` command to restrict permissions.

#### Set up certificate-based authentication on Linux servers
<a name="cli-collector-setup-linux-certificate"></a>

If you choose to set up certificate-based authentication for Linux when configuring remote server configurations, you must perform the following steps so that data can be collected by the Strategy Recommendations application data collector.

We recommend this option if you already have Certificate Authority (CA) set up for your application servers.

**To set up certificate-based authentication on your Linux servers**

1. Copy the user name that works with all your remote servers.

1. Copy the public key of the collector to the CA. 

   The public key for the collector can be found in the following location: 

   **/opt/amazon/application-data-collector/remote-auth/linux/keys/id\$1rsa\$1assessment.pub**

   This public key must be added to your CA for generating the certificate.

1.  Copy the certificate generated in the previous step to the following location in the collector: 

   **/opt/amazon/application-data-collector/remote-auth/linux/keys**

   The name of the certificate must be **id\$1rsa\$1assessment-cert.pub**. 

1. Provide the certificate file name during the setup step.

### Set up remote server configuration on Windows servers
<a name="cli-collector-setup-windows"></a>

If you choose to set up Windows when configuring remote server configurations in the collector setup, you must perform the following steps so that data can be collected by Strategy Recommendations.

**To understand more about the PowerShell script that is executed on the remote server, read this note.**  
The script enables PowerShell remote and disables all authentication methods other than negotiate. This is used for Windows NT LAN Manager (NTLM) and sets the "AllowUnencrypted" WSMan protocol to false to ensure that the newly created listener accepts only encrypted traffic. Using the Microsoft provided script, `New-SelfSignedCertificateEx.ps1`, it creates a self-signed certificate.  
Any WSMan Instance that has a HTTP listener is removed along with existing HTTPS listeners. Then, it creates a new HTTPS listener. It also creates an inbound firewall rule for TCP port 5986. In the final step, the WinRM service is restarted.

**To set up data collection through a remote connection on your Windows 2008 servers**

1. Use the following command to check the version of PowerShell installed on your server.

   ```
   $PSVersionTable
   ```

1. If the PowerShell version is not 5.1, then download and install WMF 5.1 by following the instructions at [ Install and Configure WMF 5.1](https://docs.microsoft.com/en-us/powershell/scripting/windows-powershell/wmf/setup/install-configure?view=powershell-7.1) in the Microsoft documentation.

1. Use the following command in a new PowerShell window to ensure that PowerShell 5.1 is installed.

   ```
   $PSVersionTable
   ```

1. Follow the next set of steps, which describe how to set up data collection through a remote connection on Windows 2012 and above.

**To set up data collection through a remote connection on your Windows 2012 and newer servers**

1. Download the setup script from the following URL:

   [ https://application-data-collector-release.s3.us-west-2.amazonaws.com/scripts/WinRMSetup.ps1 ](https://application-data-collector-release.s3.us-west-2.amazonaws.com/scripts/WinRMSetup.ps1)

1. Download the `New-SelfSignedCertificateEx.ps1` from the following URL and paste the script into the same folder in which you downloaded `WinRMSetup.ps1`:

   [ https://github.com/Azure/azure-libraries-for-net/blob/master/Samples/Asset/New-SelfSignedCertificateEx.ps1 ](https://github.com/Azure/azure-libraries-for-net/blob/master/Samples/Asset/New-SelfSignedCertificateEx.ps1)

1. To complete the setup, run the downloaded PowerShell script on all application servers.

   ```
   .\WinRMSetup.ps1
   ```

**Note**  
If Windows Remote Management (WinRM) is not set up properly on the Windows Remote Server, an attempt to collect data from that server will fail. If this happens, you must delete the certificate that corresponds to that server from the following location on the container:  
** /opt/amazon/application-data-collector/remote-auth/windows/certs/*ads-server-id*.cer**  
After you delete the certificate, wait for the data collection process to be retried.

### Next step
<a name="getting-started-collector-setup-next"></a>

 [Step 5: Use Strategy Recommendations in the Migration Hub console to get recommendations](getting-started-get-recommendations.md) 

## Verify that your collector and servers are setup for data collection
<a name="cli-collector-setup-verification"></a>

 Verify that your collector and servers are correctly setup for data collection by using the following command.

```
collector diag-check
```

This command conducts a set of diagnostic checks on your server configurations and provides input on failed checks.

When you use the command in `-a` mode, you get the output in a **DiagnosticCheckResult.txt** file after the checks are complete.

```
collector diag-check -a
```

You can perform a diagnostic check on the server configurations of a single server with the IP address of that server.

The following examples show the output of a successful setup.

**Linux server**

```
            Provide your test server IP address: IP address
---------------------------------------------------------------
Start checking connectivity & credentials... 
Connectivity and Credential Checks succeeded 
---------------------------------------------------------------
Start checking permissions... 
Permission Check succeeded 
---------------------------------------------------------------
Start checking OS version... 
OS version check succeeded 
---------------------------------------------------------------
Start checking Linux Bash installation... 
Linux Bash installation check succeeded 
---------------------------------------------------------------
All diagnostic checks complete successfully. 
This server is correctly set up and ready for data collection.
```

**Windows server**

```
            Windows PowerShell Version Check succeeded 
Provide your test server IP address: IP address
---------------------------------------------------------------
Start checking connectivity & credentials... 
Connectivity and Credential Checks succeeded
--------------------------------------------------------------- 
Start checking permissions... 
Permission Check succeeded
--------------------------------------------------------------- 
Start checking OS version... 
OS version check succeeded
--------------------------------------------------------------- 
Start checking Windows architecture type... 
Windows Architecture Type Check succeeded 
---------------------------------------------------------------
All diagnostic checks complete successfully. 
This server is correctly set up and ready for data collection.
```

The following example shows an error message that is displayed when your remote server credentials are incorrect.

```
Unable to authenticate the server credentials with IP address ${IPAddress}. 
Ensure that your credentials are accurate and the server is configured correctly. 
Use the following command to reset incorrect credentials.
collector setup —remote-server-configurations
```

# Step 5: Use Strategy Recommendations in the Migration Hub console to get recommendations
<a name="getting-started-get-recommendations"></a>

This section describes how to use Strategy Recommendations in the Migration Hub console to get migration recommendations for the first time.

**To get recommendations**

1. Using the AWS account that you created in [Setting up Strategy Recommendations](setting-up.md), sign in to the AWS Management Console and open the Migration Hub console at [https://console.aws.amazon.com/migrationhub/](https://console.aws.amazon.com/migrationhub/).

1. In the Migration Hub console navigation pane, choose **Strategy**.

1. On the **Migration Hub Strategy Recommendations** page, choose **Get recommendations**.

1. Choose **Agree** if you agree to allow Migration Hub to create a service-linked role (SLR) in your account. For more information about the SLR, see [Using service-linked roles for Strategy Recommendations](using-service-linked-roles.md).

1.  **Configure data sources**

   1. On the **Configure data sources** page, you must choose the source of your servers to analyze from the following options:

      1. **Strategy Recommendations application data collector** – You can use the Strategy Recommendations collector to retrieve information about VMs hosted in VMware vCenter automatically. Using this option, you don't need to perform additional setup.

      1. **Manual import** – If you want to bring in data about your servers and applications independently, you can use the Strategy Recommendations import template. The import template is a JSON file in which you can fill out the available information for your VMs.

      1. **Application Discovery Service** – You can use Application Discovery Service to gather information about your on-premises applications and servers. In the Migration Hub console, under the **Tools** section, you can choose from multiple options under **Discovery tools**. For example, you can choose **Application Discovery Service Agentless Collector**, **AWS Discovery Agent**, or **Import** (for CSV files).

   1. The **Servers** table lists all of the available servers based on your selection in the data source section.

   1. Under Registered application data collectors, the application data collectors that you've set up are listed. If you haven't set up any data collectors, you can download the data collector and then deploy it. For more information, see [Step 1: Download the Strategy Recommendations collector](getting-started-dowmload-collector.md) and [Step 2: Deploy the Strategy Recommendations collector](getting-started-deploy.md).
**Note**  
To get strategy recommendations, you must set up at least one application data collector or perform an application data import. If you want to add your application-level data without setting up a collector, you can use the application data import template. You can add additional data sources later.

   1. If you selected **Manual import**, under **Import details**, choose **Add new import**.

   1. For **Import name**, enter a name for your import.

   1. For **S3 bucket URI**, enter the S3 bucket URI for your import JSON file to upload to.
**Important**  
The S3 bucket name must start with a prefix of **migrationhub-strategy**.

   1. Choose **Next**.

1. **Specify preferences**

   1. On the **Specify preferences** page, set up your business goals and migration preferences. Strategy Recommendations recommends the optimal strategy for migrating and modernizing your applications and databases based on the preferences that you specify. You can change these preferences at a later time.

   1. Choose **Next**.

1. **Review and submit**.

   1. Review your configured data sources and migration preferences.

   1. If everything looks correct, choose **Start data analysis**. This will perform an analysis of your server inventory and runtime environment and the application binaries for your Microsoft IIS and Java applications. 
**Note**  
The status of the binary analysis is not displayed in the console. When the analysis completes, you will either see a link to the anti-pattern report or a message indicating that the analysis was not successful. 

## Next
<a name="getting-started-get-recommendations-next"></a>

 [Viewing strategy recommendations in Strategy Recommendations](viewing-recommendations.md)