Yes. A separate Azure Migrate replication appliance is required for each isolated VPC if VPC peering (or other network connectivity) is not enabled between them.
Reasoning based on requirements:
- The replication appliance must have network line-of-sight to every source AWS VM that it will replicate.
- Source AWS VMs communicate with the replication appliance over HTTPS 443 (control/orchestration) and TCP 9443 (replication data) inbound.
- The guidance recommends deploying the replication appliance in the same VPC as the source VMs; if it is in a different VPC, the VPCs must be connected via VPC peering.
Since VPCs in this scenario “do not talk to each other” and peering is explicitly not desired, a single appliance cannot reach VMs across those VPC boundaries. Therefore:
- Deploy one replication appliance VM (Windows Server 2022) per VPC that contains servers to be migrated.
- Ensure each appliance meets the hardware/software/networking requirements and can reach Azure over HTTPS 443 outbound.
- Configure security group rules in each VPC so that the local source VMs can reach their local appliance on ports 443 and 9443.
This way, each isolated VPC has its own appliance handling replication for the VMs inside that VPC, without requiring VPC peering.
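One way to check the per-VPC security group rules described above, as an added example that is not part of the original answer. It audits each appliance's inbound rules for ports 443 and 9443 and flags both unreachable source VMs and rules wider than the VPC. The function name `audit_appliance_sg`, the group IDs, CIDR ranges and VM addresses are constructed for illustration; the rule layout follows the `IpPermissions` shape returned by `aws ec2 describe-security-groups`.

```python
import ipaddress

REQUIRED_PORTS = (443, 9443)  # from the answer: HTTPS control and replication data

def _covers(perm, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    if perm["IpProtocol"] == "-1":  # all protocols, all ports (no FromPort/ToPort)
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit_appliance_sg(sg, vpc_cidr, source_vm_ips):
    """Return findings for one appliance security group.

    Only CIDR-based rules (IpRanges) are evaluated; rules that reference
    another security group (UserIdGroupPairs) are not resolved here.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for port in REQUIRED_PORTS:
        nets = [ipaddress.ip_network(r["CidrIp"])
                for perm in sg["IpPermissions"] if _covers(perm, port)
                for r in perm.get("IpRanges", [])]
        # Every local source VM must reach its local appliance on this port.
        for ip in source_vm_ips:
            if not any(ipaddress.ip_address(ip) in n for n in nets):
                findings.append(f"{ip} cannot reach appliance on tcp/{port}")
        # The VPCs are meant to stay isolated, so nothing wider than the VPC.
        for n in nets:
            if not n.subnet_of(vpc):
                findings.append(f"tcp/{port} open to {n}, wider than VPC {vpc}")
    return findings

# Constructed sample data: one appliance security group per isolated VPC.
SG_A = {"GroupId": "sg-appliance-a", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.10.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 9443, "ToPort": 9443, "IpRanges": [{"CidrIp": "10.10.0.0/16"}]},
]}
SG_B = {"GroupId": "sg-appliance-b", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 9443, "ToPort": 9443, "IpRanges": [{"CidrIp": "10.20.1.0/24"}]},
]}

if __name__ == "__main__":
    for sg, cidr, vms in [(SG_A, "10.10.0.0/16", ["10.10.1.5", "10.10.2.7"]),
                          (SG_B, "10.20.0.0/16", ["10.20.1.5", "10.20.2.9"])]:
        print(sg["GroupId"], audit_appliance_sg(sg, cidr, vms) or "OK")
```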