Migration Tool Integration Guide

Technical configuration guide for connecting a third-party VMware migration tool to the FFP simulated environment — endpoints, credentials, API details.

Migration Tool Integration Guide

This guide provides the exact endpoints, credentials, and API details an engineer needs to configure a VMware-to-OpenStack migration tool against the Federal Frontier Platform’s evaluation environment.

The environment includes a fully functional VMware vSphere simulator (30 VMs across 2 clusters) and a production OpenStack deployment. Both are accessible for migration tool testing.

VMware vSphere (Source Environment)

The source environment is a govmomi-based vSphere simulator exposing the full vSphere SOAP API. It responds identically to a real vCenter for management plane operations (inventory, power state, networks). Migration tools that use the vSphere SDK or REST API will connect normally.

vSphere SOAP API (SDK)

Parameter	Value
Protocol	HTTPS (self-signed certificate)
Port	8989
API Version	vSphere 7.0+ compatible
Username	`user`
Password	`pass`
SDK URL	`https://<vcenter-host>:8989/sdk`

For pyvmomi / govmomi / PowerCLI connections, set insecure = true or disable certificate verification — the endpoint uses a self-signed certificate.

pyvmomi example:

from pyVim.connect import SmartConnect
import ssl

ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE

si = SmartConnect(
    host="<vcenter-host>",
    user="user",
    pwd="pass",
    port=8989,
    sslContext=ctx,
)

govc example:

export GOVC_URL="https://user:pass@<vcenter-host>:8989/sdk"
export GOVC_INSECURE=1
govc ls /
govc find / -type m  # list all VMs

vSphere REST API

Parameter	Value
Base URL	`https://<vcenter-host>:8989/rest`
Authentication	Basic Auth — `user` / `pass`
Session endpoint	`POST /rest/com/vmware/cis/session`

Inventory Summary

Resource	Count	Details
Datacenters	1	DC0
Clusters	2	DC0_C0 (10 VMs), DC0_C1 (10 VMs)
Standalone Hosts	3	DC0_H0 (10 VMs)
Total VMs	30	All poweredOn, 1 vCPU / 32 MB RAM each
Datastores	2	LocalDS_0, LocalDS_1
Networks	Standard port groups + distributed port groups

Each VM has:

1 vCPU, 32 MB RAM
1 virtual disk (10 GB capacity)
1 NIC on a virtual port group
Guest OS: otherGuest
VMware Tools: running

Limitations

The vSphere simulator provides the management plane API but does not have real disk backing. This means:

VM inventory, power operations, network configuration, and snapshot APIs work normally
VDDK / NBD disk access is not supported — there are no real VMDK blocks to read
Disk-level migration (e.g., nbdkit+VDDK, VAAI) cannot be tested against this environment
Migration tools that download VMDKs via the datastore HTTP API will get empty/placeholder files

For testing disk transfer pipelines, a real vCenter with actual VMDK backing is required. The simulator is suitable for testing discovery, inventory mapping, network analysis, wave planning, power state management, and post-migration verification workflows.

OpenStack (Target Environment)

The target is a production OpenStack deployment running Kolla-Ansible with Ceph Quincy storage. This is a real environment — instances created here consume actual compute and storage resources.

Keystone Authentication

Parameter	Value
Auth URL	`http://<openstack-host>:5000/v3`
API Version	3
Username	`admin`
Password	`<provided-during-eval>`
Project	`admin`
User Domain	`Default`
Project Domain	`Default`

clouds.yaml example:

clouds:
  ffp-eval:
    auth:
      auth_url: http://<openstack-host>:5000/v3
      username: admin
      password: <provided-during-eval>
      project_name: admin
      user_domain_name: Default
      project_domain_name: Default
    region_name: RegionOne
    interface: internal
    identity_api_version: 3

Environment variables (openrc):

export OS_AUTH_URL=http://<openstack-host>:5000/v3
export OS_USERNAME=admin
export OS_PASSWORD=<provided-during-eval>
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
export OS_INTERFACE=internal

OpenStack Service Endpoints

All services are on the same host. Standard OpenStack ports:

Service	Port	Purpose
Keystone (Identity)	5000	Authentication and service catalog
Nova (Compute)	8774	Instance lifecycle
Neutron (Networking)	9696	Networks, subnets, ports, security groups
Glance (Image)	9292	Image upload and management
Cinder (Block Storage)	8776	Volume creation and attachment
Placement	8778	Resource allocation tracking

Available Flavors

Name	vCPUs	RAM	Disk	Notes
`m1.tiny`	1	256 MB	0 GB	Smallest — boot-from-volume only
`m1.small-bfv`	1	2048 MB	0 GB	Recommended for small migrations
`m2.2`	2	2048 MB	0 GB
`m1.small`	2	2048 MB	20 GB	Has local disk
`m2.medium-bfv`	2	4096 MB	0 GB
`m2.4`	2	4096 MB	0 GB
`m1.large`	2	8192 MB	0 GB
`m2.large-bfv`	2	8192 MB	0 GB
`m8.20`	4	8192 MB	0 GB	Largest available

Flavors with disk=0 are boot-from-volume — the instance boots from a Cinder volume, not a local disk.

Available Networks

Name	Status	Notes
`frontier-net`	ACTIVE	Primary workload network — use this for migrated instances
`public`	ACTIVE	External/floating IP network

Available Images

Name	Size	Notes
`ubuntu-22.04-jammy`	0.6 GB	Recommended — RBD-backed, confirmed working
`rocky-9.3`	1.0 GB	Rocky Linux alternative
`almalinux-9`	0.5 GB	AlmaLinux alternative
`centos-9-stream`	1.4 GB	CentOS Stream

Important: Use only RBD-backed images. File-backed images (CirrOS) return HTTP 500 errors.

Storage Backend

Parameter	Value
Backend	Ceph Quincy (RBD)
Volume Type	`rbd` (backend `rbd-1`)
Default Type	`__DEFAULT__` (also Ceph-backed)

Capacity Constraints

This is a shared environment. Observe these limits:

Maximum 5 migration instances at a time — VDI desktops and control plane VMs are already running
Clean up after testing — delete instances and volumes when done
Use the smallest viable flavor — resources are limited
Do not modify existing instances — VDI desktops (ffp-vdi-*) and control plane VMs are in use

Network Access

From Within the Kubernetes Cluster

If your migration tool runs as a pod in the evaluation cluster:

Service	Cluster DNS	Port
vSphere Simulator (SOAP)	`vcsim.ffp.svc.cluster.local`	8989
vSphere REST Shim	`vcsim-rest-shim.ffp.svc.cluster.local`	8080
VMware MCP Server	`vmware-mcp-server.ffp.svc.cluster.local`	50060
OpenStack MCP Server	`openstack-mcp-server.ffp.svc.cluster.local`	8080
Migration API	`migration-api.ffp.svc.cluster.local`	8090

From External (Developer Workstation)

Access via SSH tunnel or Tailscale to the cluster node:

# vSphere SOAP API (for pyvmomi/govmomi/PowerCLI)
kubectl port-forward -n ffp svc/vcsim 8989:8989

# OpenStack APIs (Keystone, Nova, Neutron, Glance, Cinder)
# These are on the OpenStack control plane host, not in k8s
# Use SSH tunnel: ssh -L 5000:<openstack-host>:5000 <jump-host>

# VMware MCP Server (JSON-RPC)
kubectl port-forward -n ffp svc/vmware-mcp-server 50060:50060

# OpenStack MCP Server (JSON-RPC)
kubectl port-forward -n ffp svc/openstack-mcp-server 8081:8080

MCP Server APIs (Optional Integration)

Migration tools can optionally integrate with the FFP MCP servers via JSON-RPC 2.0. This provides a unified API layer across VMware and OpenStack without direct SDK dependencies.

VMware MCP Server

Parameter	Value
URL	`http://<host>:50060/mcp/vmware`
Protocol	JSON-RPC 2.0 over HTTP POST
Authentication	None (cluster-internal)
Content-Type	`application/json`

Example — list all VMs:

curl -X POST http://localhost:50060/mcp/vmware \
  -H 'Content-Type: application/json' \
  -d '{
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
      "name": "vmware_list_vms",
      "arguments": {}
    },
    "id": 1
  }'

Available tools: vmware_list_vms, vmware_get_vm, vmware_set_vm_power_state, vmware_list_hosts, vmware_list_clusters, vmware_list_datastores, vmware_list_networks, vmware_get_vm_metrics

OpenStack MCP Server

Parameter	Value
URL	`http://<host>:8080/jsonrpc`
Protocol	JSON-RPC 2.0 over HTTP POST
Authentication	None (cluster-internal; the server holds OpenStack credentials)
Content-Type	`application/json`

Example — list all instances:

curl -X POST http://localhost:8080/jsonrpc \
  -H 'Content-Type: application/json' \
  -d '{
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
      "name": "openstack_list_vms",
      "arguments": {}
    },
    "id": 1
  }'

Available tools: 54 tools across Compute (13), Networking (18), Images (3), Storage (5), Identity (5), Summary (1), ORC GitOps (8). See the Migration MCP Tools reference for the full list.

Migration Monitor Dashboard

The Migration Monitor dashboard provides real-time visualization of both environments during migration testing.

Parameter	Value
URL	`https://migration.example.com`
NodePort	30090
Auto-refresh	Every 5 seconds

The dashboard polls the VMware and OpenStack MCP servers independently. Any migration activity (whether triggered from the dashboard controls, the Migration API, or an external tool) will be visible in the dashboard as VMs change power state and instances appear.

Quick Verification

After configuring your migration tool, verify connectivity with these checks:

1. vSphere connectivity

# Should return datacenter list
govc ls / -u "https://user:pass@<vcenter-host>:8989/sdk" -k
# Expected: /DC0

2. OpenStack connectivity

# Should return token
openstack token issue
# Should list 30+ VMs
openstack server list

3. End-to-end migration test

# Create a small instance from an image (simulates a completed migration)
openstack server create \
  --flavor m1.small-bfv \
  --image ubuntu-22.04-jammy \
  --network frontier-net \
  --key-name default-keypair \
  --boot-from-volume 20 \
  migration-test-01

# Verify it reaches ACTIVE
openstack server show migration-test-01 -f value -c status
# Expected: ACTIVE

# Clean up
openstack server delete migration-test-01