AvePoint Learn
Request article
Contact support
Request article
Contact support
English

Home > Perform Device Migrations > Create a Connection

Export to PDF

Create a Connection

To connect the Device agent to AvePoint Online Services, you need to add connections by completing the following steps:

  1. Click Settings in the left pane, and select Connections to access the Connections page.

  2. Click Create connection. The Create connection panel appears.

  3. In the Create connection panel, complete the following settings:

    • Connection name – Enter a name for the connection.

    • Connection type – Select Device from the drop-down list to create a connection for Device.

    • Configure source or destination connection – Specify whether this connection is a Source or a Destination.

      If Source connection is selected, complete the following configurations:

      • AvePoint Online Services application (client) ID – Enter the ID of your app registration in AOS > Administration > App registrations.

      • Client secret – Enter the client secret of your app registration in AOS > Administration > App registrations.

      • Generate configuration key – Click to generate configuration key. The configuration key will be used to connect the device agent. You can click the Copy button to copy the configuration key.

      • Download and install device agent – Click Download device agent to download the device agent. The agent must be deployed to every end-user device you intend to migrate. It is recommended to silently push the agent installation (.msi) to all domain-joined devices via Group Policy Object (GPO). Alternatively, you can install the agent (.msi or .exe) manually on each required machine. Refer to Install the Device Agent for how to install the agent.

      • Create local administrator – Select whether to create a local administrator of the device. This account can be used to log in if an issue occurs while rejoining the device to the domain.

      If Destination connection is selected, select a destination and complete the following configurations:

      • If Active Directory or Hybrid Identity is selected, select How to rejoin the device to the new Active Directory domain?

        • Rejoin online using AD user credentials – Rejoin the domain online. Enter the username and password for the service account in the destination Active Directory, along with the destination domain name.

        • Rejoin offline using agent – Rejoin the domain offline using agents. Download and install the Active Directory agent on the destination Active Directory server or a server that can connect to the destination Active Directory. Click Generate to create a connection key for the destination Active Directory agent. Refer to Install the Destination Agent for how to install the agent.

      • If Hybrid Identity is selected, complete the following configurations:

        • Tenant – Select the destination tenant.

        • App profile – Select the Fly for Device app or a custom app profile from the drop-down list. You can also click the Create new in AvePoint Online Services link to create a new one.

        • How to rejoin the device to the new Active Directory domain? – Select how the device will be joined to the new Active Directory domain.

        • If Rejoin online using AD user credentials is selected, device will rejoin the domain online. Enter the username and password for the service account in the destination Active Directory, along with the destination domain name.

        • If Rejoin offline using agent is selected, the device will rejoin the domain offline using agents. Download the Active Directory agent and install it on the destination Active Directory server or a server that can connect to the destination Active Directory. Then click Generate to create a connection key for the destination Active Directory agent. Refer to Install the Destination Agent for how to install the agent.

      • If Microsoft Entra ID is selected, select How to rejoin the device to the new Microsoft Entra ID domain?

        If Rejoin online using MicrosoftEntra ID app and bulk token is selected, complete the following configurations:

        • Tenant – Select the destination tenant.

        • App profile – Select the Fly for Device app or a custom app profile with delegated permissions from the drop-down list. You can also click the Create new in AvePoint Online Services link to create a new one.

        • Join devices to Microsoft Entra ID – Generate a bulk token by clicking Get bulk token and providing a Display name and Token expiration duration.

          You can generate multiple tokens; the information of the latest one will be displayed upon creation.

        If Rejoin offline using an enrollment file is selected, complete the following configurations:

        • Tenant – Select the destination tenant.

        • App profile – Select the Fly for Device app or a custom app profile from the drop-down list. You can also click the Create new in AvePoint Online Services link to create a new one.

        • Bulk enrollment file path – Select the file path of the Microsoft Entra ID bulk enrollment file. It can be stored either on the device in a local folder or in a shared folder. If a shared folder is used, ensure it is accessible to devices in both the source and destination environments.

  4. Click Save to save your configurations.

On the Connections page, you can manage the existing connections.

  • Filter – Click Filter to filter connections by connection type and/or tenant.

  • Search – Enter the keyword of a connection name in the search box to search for the desired connection.

  • Edit – Click the connection name to edit a connection.

  • Delete – Select a connection and click Delete to delete it. Or you can select one or multiple connections and click Delete to delete them.

Install the Device Migration Agent

Refer to the following sections to prepare and install the device migration agent.

NOTE

The combined total of active Active Directory and Device migration agents in Fly should not exceed 5000. After a migration is complete, we recommend uninstalling the agents and removing them from Fly > Settings > Agents.

System Requirements

Refer to the following table for the system requirements of the Fly Device Migration Agent.

ComponentsRequirements
Operating SystemWindows Server 2016, Windows Server 2019, Windows Server 2022, Windows 10, Windows 11*Note: 32-bit operating systems are not supported. Only operating systems with Desktop Experience are supported.
Number of CPU CoresRecommended: 4 or above.
Available Physical MemoryRecommended: 8 GB or above.
Available Disk SpaceRefer to Comment 1 below the table.
.NET Framework Version.NET Framework 4.7.2 to 4.8.
Net.Tcp Port Sharing ServiceNet.Tcp Port Sharing Service has started.
Transport Layer Security (TLS) VersionTLS 1.2 is enabled.
Visual C++ Redistributable VersionVisual C++ Redistributable 2015-2022.

Comment 1: The Agent server will store the temporary files and job logs of migrations.

  • We recommend 50 GB or above for migration projects with less than 100 GB of data.

  • We recommend 100 GB or above for large migration projects with more than 200 GB of data.

    When checking the installation rules, Fly checks the storage space of your drive C by default. Make sure there is available space of 2 GB or above in your drive C.

System Services Port Requirements

Refer to the following information for the system services port requirements of the Fly Device Migration Agent.

Application ProtocolProtocolPorts
Lightweight Directory Access Protocol (LDAP) ServerTCP389
Remote Procedure Call (RPC)TCP135
RPC randomly allocated high TCP portsTCP49125 - 65535

For more details, refer to How to configure RPC dynamic port allocation to work with firewalls.

Network Requirements

Before performing device migrations in Fly, make sure the network of the server where you want to install the device agent can connect to the AvePoint Online Services, Fly, and the source/destination device.

If your organization has an access policy and only specific IP addresses are allowed, you need to navigate to AvePoint Online Services > Administration > Security > Reserved IP addresses to download the list of reserved IP addresses required by AvePoint Online Services and Fly, and then add the IP addresses to the safe IP address list of the server where you want to install the device agent.

Download Agent

You can either download the device agent when creating a connection for device migration or follow the steps below to download the agent:

  1. Click Settings in the left pane, and select Agents .

  2. Click the Device Agent tab, and then click Download agent to download the corresponding agent.

  3. In the panel, click Download.

  4. To verify whether a downloaded file has been tampered with, check its hash value and compare it with the one displayed in the panel.

  5. To obtain the hash value from the downloaded file, open Windows PowerShell and enter the following commands:

    Get-FileHash -Algorithm SHA256 -Path “[file path]”

  6. Replace [file path] with the full path of the downloaded file.

    The downloaded file.

Install the Agent

Refer to the following steps to install the device agent:

  1. Copy the downloaded file of the device agent to the machine where you want to install the agent.

  2. Right-click the file and select Run as administrator.

  3. On the installation wizard, click Next and accept the agreement.

  4. Click Next.

  5. In the Destination Folder step, configure the installation path and click Next.

  6. In the Configuration Key step, enter the configuration key of device source connection and click Next. You can generate the configuration key in the corresponding source device connection in Fly > Connections.

  7. Click Install to install the agent.

  8. In the taskbar at the lower-right corner of your screen, right-click the Fly Device Agent icon.

  9. Select Configuration.

  10. In the Connect AvePoint Online Services step, configure the following settings:

    • AvePoint Online Services application (client) ID – Enter the ID of your app registration in AOS > Administration > App registrations. Note that the fly.admigration.readwrite.all permission is required for this app registration.

      Application (Client) ID.

    • Client secret value – Enter the client secret value in AOS > Administration > App registrations. For how to get a new client secret, refer to the Register an App section in Configure App Registrations for detailed information.

      Client secrets.

    • Proxy settings – Configure the following settings:

      • Proxy Host – The hostname or IP address of the proxy server.

      • Proxy Port – The port used to access the proxy server.

      • Username – The username to log in to the proxy server.

      • Password – The password to access the proxy server.

  11. In the Connect connection step, configure the following settings:

    • Connection key – Paste the connection key you copied when you create the connection.

    • Connection name – After you entered and verify the connection key, the name of connection you created will be automatically filled in and cannot be edited.

  12. Click Finish to save your configurations.

You can also perform the following actions on the Fly Device Agent:

  • Cache user credentials – If Cache user credentials for device logon is selected in the device migration policy, and Rejoin offline using agent is selected for the device destination connection, caching user credentials is required.

    Cached user credentials allow you to sign in to your device when the domain controller is unavailable. If you've successfully logged in before, your username and password are stored securely on your device. This allows you to access your account offline or during network disruptions.

    To cache user credentials, right-click the Fly Device Agent icon, click Cache User Credentials, and then complete the following configurations:

    • Username – Enter the username of the account.

    • Password – Enter the password of the account.

    • Domain – Enter the domain name.

  • Check Status – To check if a domain rejoin job or a permissions migration job has been triggered by the administrator, right-click the Fly Device Agent icon and select Check Status. The system will also automatically scan for a triggered job every hour.

    If a domain rejoin job has been triggered, the Domain Rejoining Now Available window will appear. You can click Start to run the domain rejoin job immediately, or click Snooze to delay the job until the selected time. By default, the job will snooze for one hour. Note that if a permission migration job is triggered, the domain rejoin job will be automatically triggered.

    Your computer will lock and restart during the domain rejoin job.

Uninstall the Agent

Refer to the following steps to uninstall the agent:

  1. Navigate to the Control Panel on the machine where you have installed agent, and click Uninstall a program.

  2. Right-click the agent and select Uninstall/Change.

  3. In the pop-up window, click OK.

  4. Click Uninstall to uninstall the agent.