What AWS MGN Actually Does (And What Goes Wrong)

AWS MGN Architecture Overview

AWS Application Migration Service copies your servers to AWS. That's it. It installs an agent on your source machines, continuously replicates data to AWS, and eventually launches copies of your servers as EC2 instances.

Real talk: It's faster than doing it manually, but anyone selling you a "70% reduction in migration time" is probably measuring against someone doing file-by-file copies with SCP. Your mileage will vary dramatically based on how much legacy crap you're dragging along.

What Actually Works Well

The continuous replication approach is solid. While your production servers keep running, MGN quietly syncs changes to AWS. When you're ready to cut over, the downtime is usually measured in minutes, not hours. That part genuinely works as advertised.

For VMware shops, the agentless option via vCenter 6.7+ is a lifesaver if your security team freaks out about installing agents on production boxes. Though honestly, if they're that paranoid about a replication agent, wait until they see what happens when you try to explain egress charges.

OS Support (The Good and Bad News)

AWS MGN Console Dashboard

AWS MGN supports Windows Server 2016-2022 and most modern Linux distributions, but drops Windows 2003 support in 2026.

MGN supports most operating systems you actually care about. Windows Server 2016-2022 works fine. Modern Linux distros (RHEL 7+, Ubuntu 18.04+, Amazon Linux 2) are solid.

The gotcha: Windows 2003 support is getting axed in 2026. If you're still running Server 2003 in production in 2025, migration is the least of your problems - that thing should have been put out of its misery years ago.

Network Configuration Hell

Network Requirements: TCP 443 and 1500 to AWS endpoints, plus staging subnet with S3/EC2/IAM access

Here's where things get interesting. MGN needs to talk home during replication, which means opening specific ports (443 and 1500) to AWS endpoints. Your firewall team will want IP ranges. AWS will tell you to use FQDNs. Your firewall team will insist on IPs. AWS will change the IPs. You'll spend a Tuesday morning troubleshooting why replication broke.

Common network failures:

  • ECONNREFUSED 443 - firewall blocking AWS endpoints (again)
  • EHOSTUNREACH - routing tables fucked up after "minor network changes"
  • SSL_ERROR_SYSCALL - corporate proxy intercepting SSL traffic
  • Agent log shows Unable to resolve mgn-dr-gateway-1234567890.us-east-1.elb.amazonaws.com - DNS issues

The staging area lives in your AWS account, so you're paying for those instances while replication happens. Budget for it - that t3.micro staging server for your 500GB database is going to cost you about $15/month, plus EBS storage costs. MGN itself doesn't charge per-server fees, but you pay for all the AWS infrastructure during replication.

Integration Reality Check

MGN plugs into Migration Hub for tracking, which is useful if you have dozens of servers to migrate. The dashboard actually works, unlike some AWS consoles. CloudWatch integration gives you replication health metrics, though you'll probably set up alerts after the first time replication silently fails overnight.

Launch templates are better than the old blueprint system, but you'll still need to manually configure security groups, IAM roles, and probably fix whatever broke during the conversion process. Plan for manual cleanup work post-migration.

MGN vs The Alternatives (Reality Check)

| Feature | AWS MGN | Manual Migration | Third-Party Tools |
|---|---|---|---|
| Speed | Faster than manual, slower than promised | Painfully slow | Depends on tool and budget |
| Automation | Replication is automated, everything else isn't | You do everything | Some are better than others |
| Downtime | Usually minutes | Hours to days | Varies wildly |
| Agent Required | Yes (agentless for VMware only) | No | Usually |
| Hidden Costs | Staging instances + storage + egress | Your time and sanity | Licensing can get expensive |
| Learning Curve | AWS console + networking gotchas | You know this already | Each tool is different |
| When It Breaks | AWS support (if you pay for it) | You figure it out | Vendor support quality varies |

MGN Pricing (And the Hidden Costs They Don't Mention)

What You Actually Pay

Storage Costs: GP3 ~$0.08/GB/month, IO2 ~$0.125/GB/month + IOPS charges

MGN gives you 90 days free per server for the service itself - no per-server charges. The gotchas come from paying for all the underlying AWS infrastructure during replication.

The Staging Infrastructure Bill:
Every server you're replicating needs a staging instance running in AWS during the entire process. That t3.small staging server costs about $15/month. Your database server might need an r6i.large for $135/month. Multiply by however many months your "quick migration" actually takes.

Storage Costs Add Up:
EBS storage for replicating a 500GB server runs about $40/month. If you're syncing a 2TB file server, budget $160/month just for storage. And don't forget - you're paying for this storage in your staging area AND your production instance after cutover.

Regional Availability (For What It's Worth)

MGN is available in most AWS regions where you'd actually want to migrate servers. Check the service availability page because AWS doesn't maintain a consistent list anywhere obvious.

The regional thing matters because you can't replicate from us-east-1 to eu-west-1 directly. You'd set up MGN in eu-west-1 and replicate there from your on-premises environment. Plan your data transfer costs accordingly - cross-region transfers aren't free.

Enterprise Features That Actually Matter

MGN Connector - Automates agent deployment if you have VMware vCenter. Saves you from manually installing agents on 100+ VMs. Released in 2024, it works pretty well when your network team hasn't locked down everything.

Wave Management - Groups servers for coordinated migrations. Useful when you need to migrate a three-tier application in a specific order. The wave functionality actually makes sense and works as advertised.

Organizations Integration - If you're migrating across multiple AWS accounts, this helps centralize tracking. More useful for consulting firms managing migrations for multiple clients than single-company migrations.

Performance Reality Check

Performance Metrics: RPO typically 5-15 minutes, cutover downtime under 10 minutes for simple servers

What Works:

  • Continuous replication with sub-5-minute RPO when the network is stable
  • Cutover downtime typically under 10 minutes for simple servers
  • Initial sync performance depends entirely on your Internet bandwidth (budget 24-72 hours for a 500GB server over 100 Mbps)

What Doesn't:

  • "Sub-minute RPO" assumes perfect network conditions nobody has
  • Replication lag spikes during high I/O periods on source servers
  • Network hiccups can cause replication to fall behind for hours

The disaster recovery use case is legitimate - MGN can keep standby copies of your critical servers ready to launch. But calling it "near-zero RTO" is marketing bullshit unless you've automated the entire failover process and tested it monthly.

What Actually Goes Wrong (Real MGN Questions)

Q: What breaks during migration that AWS doesn't warn you about?

A: Network configs will fuck you over. Your carefully configured static routes, firewall rules, and DNS settings don't magically transfer. That app that "just worked" on-premises will throw ECONNREFUSED errors because it's trying to connect to 192.168.1.50 that doesn't exist in your VPC.

Windows licensing gets confused after hardware changes. You'll see:

  • Error 0xC004F074: The Software Licensing Service reported that the computer could not be activated
  • SQL Server: Error 5808: Ad hoc update to system catalogs is not supported
  • Oracle: ORA-00600: internal error code when it detects "new hardware"

Budget time for license reactivation calls. Oracle support will make you explain why your server's CPU serial number changed. Fun times.

Q: How long does this actually take?

A: If you're migrating simple web servers with no dependencies: 1-2 weeks if you're lucky, 6 weeks if you're realistic.

Anything with a database, Active Directory integration, or custom networking: 3-6 months minimum. That "30-day migration timeline" from the sales deck assumes your applications were designed by angels who never heard of hardcoded IP addresses.

Q: Should I migrate everything or just kill old stuff?

A: Honestly? That Windows 2008 R2 box running the accounting system from 2009 should probably be put out of its misery instead of migrated. Sometimes paying for a software upgrade is cheaper than dealing with the inevitable compatibility issues in AWS.

If you find yourself googling "Windows 2008 R2 activation in AWS" at 3 AM, you've made poor life choices.

Q: What's this going to actually cost me?

A: MGN itself is free for 90 days per server, and there are no per-server charges after that. The expensive part is the staging instances, EBS storage, and data transfer charges. Budget $100-200/month per server during active replication for the underlying AWS infrastructure.

Pro tip: Use the AWS pricing calculator and then double it. AWS cost estimation is an art form, and most people suck at it.

Q: VMware agentless replication - does it work?

A: It works if your vCenter environment isn't locked down tighter than Fort Knox. You need API access, snapshot permissions, and network connectivity. If your VMware admin configured everything with the "security through obscurity" approach, you're installing agents.

Q: What happens when replication breaks at 2 AM?

MGN Console shows server status: Initial Sync → Continuous Replication → Ready for Testing

A: Check the MGN console first. Replication lag usually means network issues or the staging instance ran out of disk space.

Common failures you'll see:

  • Error: 'AgentNotSeen' - last heartbeat 47 minutes ago - agent lost connectivity
  • Error: 'StagingAreaServerCreationFailure' - staging subnet probably ran out of IP addresses
  • Error: 'ReplicationLagExceedsThreshold' - network too slow or source server hammering disk I/O
  • Error: 'InsufficientDiskSpace' - staging instance storage is full, time to resize the EBS volume

Could be firewall changes, could be the source server rebooted, could be AWS decided to change endpoint IPs again. Welcome to your Tuesday morning.
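The failure list above, and the earlier point about replication failing silently overnight, turned into a check you can schedule instead of discovering by hand. This is an added example, not code from the original page or from AWS. It assumes the input is the `items` list of an MGN DescribeSourceServers response and that `lagDuration` is an ISO 8601 duration string; the thresholds and the sample records are constructed for illustration.

```python
import json
import re
import sys
from datetime import datetime, timedelta, timezone

# Replication states treated as "not protecting you right now" (assumed alert policy).
BAD_STATES = {"STALLED", "DISCONNECTED", "PAUSED", "STOPPED"}
_DUR = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?$")


def parse_duration(text):
    """Parse a simple ISO 8601 duration (PnDTnHnMnS) into a timedelta, else None."""
    m = _DUR.match(text or "")
    if not m:
        return None
    d, h, mi, s = (float(x) if x else 0.0 for x in m.groups())
    return timedelta(days=d, hours=h, minutes=mi, seconds=s)


def unhealthy(servers, now, max_lag=timedelta(minutes=15), max_silence=timedelta(minutes=30)):
    """Return [(sourceServerID, reason)] for every server that needs attention."""
    findings = []
    for srv in servers:
        sid = srv.get("sourceServerID", "?")
        info = srv.get("dataReplicationInfo", {})
        state = info.get("dataReplicationState", "UNKNOWN")
        if state in BAD_STATES:
            findings.append((sid, f"state={state}"))
        lag = parse_duration(info.get("lagDuration"))
        if lag is not None and lag > max_lag:
            findings.append((sid, f"lag={lag}"))
        seen = srv.get("lifeCycle", {}).get("lastSeenByServiceDateTime")
        if seen:  # agent heartbeat age, e.g. "last heartbeat 47 minutes ago"
            age = now - datetime.fromisoformat(seen.replace("Z", "+00:00"))
            if age > max_silence:
                findings.append((sid, f"agent silent for {int(age.total_seconds() // 60)} min"))
    return findings


# Constructed sample records (not real server IDs or real API output).
SAMPLE = [
    {"sourceServerID": "s-constructed0000001",
     "dataReplicationInfo": {"dataReplicationState": "CONTINUOUS", "lagDuration": "PT2M"},
     "lifeCycle": {"lastSeenByServiceDateTime": "2025-01-01T01:59:00Z"}},
    {"sourceServerID": "s-constructed0000002",
     "dataReplicationInfo": {"dataReplicationState": "STALLED", "lagDuration": "PT3H10M"},
     "lifeCycle": {"lastSeenByServiceDateTime": "2025-01-01T01:13:00Z"}},
]
NOW = datetime(2025, 1, 1, 2, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    items = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)["items"]
    now = NOW if items is SAMPLE else datetime.now(timezone.utc)
    for sid, reason in unhealthy(items, now):
        print(f"ALERT {sid}: {reason}")
```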

Q: Do I need Direct Connect for this?

Direct Connect provides a dedicated network connection from on-premises to AWS, bypassing the internet.

A: For a few servers? Your regular internet connection is fine. For 50+ servers or anything with large databases? Yeah, pay for Direct Connect. Replicating a 2TB SQL Server over a 100 Mbps connection while users are working will make everyone hate you.

Q: Can I migrate domain controllers?

AD Migration Strategy: Build new DCs in AWS, establish trust relationship, migrate users with ADMT

A: You can, but probably shouldn't. AD domain controllers don't like being cloned, even with proper preparation. Plan to build new DCs in AWS and demote the on-premises ones. Your DNS and site configurations will need manual attention anyway.

Q: What if I need to roll back?

A: MGN doesn't have a "rollback" button. Your source servers are still running during replication, so you can abandon the AWS instances if things go sideways. But once you cut over and shut down on-premises servers, you're committed.

Test your cutover procedure multiple times. Document exactly what needs to be reverted if you chicken out at the last minute.

3AM debugging pro tip: When everything breaks, check these in order:

  1. MGN console agent status - is it even talking to AWS?
  2. Source server /var/log/aws_replication_installer.log - what did the agent die from?
  3. Network connectivity: telnet replication-endpoint.aws.com 443 and telnet replication-endpoint.aws.com 1500
  4. EBS volume space in staging area - df -h on the staging instances
  5. Security groups - someone always "temporarily" blocks something and forgets
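The connectivity step of the checklist above, together with the failure modes listed under Network Configuration Hell, as a scripted preflight that tells a firewall block from a routing, DNS or TLS-interception problem. This is an added example, not code from the original page or from AWS; the endpoint hostnames are passed in as arguments (take them from your own agent log or firewall request), and verifying TLS only on port 443 is an assumption of this example.

```python
import errno
import socket
import ssl

# Ports the page lists for agent traffic to AWS endpoints.
MGN_PORTS = (443, 1500)


def classify(exc):
    """Map a socket/TLS exception to the failure modes listed on this page."""
    if isinstance(exc, socket.gaierror):
        return "dns: name did not resolve (check resolvers and split-horizon DNS)"
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls: certificate not trusted (likely a proxy intercepting TLS)"
    if isinstance(exc, ssl.SSLError):
        return "tls: handshake failed (proxy or middlebox breaking TLS)"
    if isinstance(exc, ConnectionRefusedError):
        return "refused: firewall or proxy actively rejecting the port"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout: packets silently dropped by a firewall"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable: routing problem between source and AWS"
    return f"other: {exc!r}"


def probe(host, port, timeout=5.0, connect=socket.create_connection, tls=None):
    """Return (ok, detail). By default TLS is verified on 443 only (assumption)."""
    tls = (port == 443) if tls is None else tls
    try:
        with connect((host, port), timeout=timeout) as sock:
            if not tls:
                return True, "tcp connect ok"
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
                # A chain that verifies but is issued by your proxy's CA
                # still means the traffic is being intercepted.
                issuer = dict(rdn[0] for rdn in tls_sock.getpeercert()["issuer"])
                return True, "tls ok, issuer=" + issuer.get("organizationName", "?")
    except OSError as exc:
        return False, classify(exc)


def preflight(hosts, ports=MGN_PORTS, **kw):
    """Return (host, port, detail) for every failing host/port check."""
    results = [(h, p, *probe(h, p, **kw)) for h in hosts for p in ports]
    return [(h, p, detail) for h, p, ok, detail in results if not ok]


if __name__ == "__main__":
    import sys
    for host, port, detail in preflight(sys.argv[1:]):
        print(f"FAIL {host}:{port} {detail}")
```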
