Cloudamize is a cloud-migration assessment platform. During a time-boxed period, a lightweight agent (or an agentless collector) gathers performance and inventory data to produce right-sizing recommendations. It is a temporary, read-only activity, no configuration changes are made to source systems, and the software is removed when the assessment ends.
WHAT IS COLLECTED AND TRANSMITTED
|
Category |
Examples |
Notes |
|---|---|---|
|
Performance Metrics |
CPU, memory, disk, and network utilization |
Sampled every 30 seconds; low sensitivity. |
|
Application Inventory |
Installed software (Windows Registry / Linux RPM-DEB), running processes |
Used for dependency mapping and workload analysis. |
|
Asset Identifiers |
Hostname, machine UUID, private IP address |
Used to uniquely identify and track a server throughout the assessment. |
Data is sampled every 30 seconds and transmitted every 5 minutes. Bandwidth is negligible — roughly 5–40 KB per 10 minutes per host. Agent CPU overhead is capped by a built-in watchdog process (typically well under 3%).
WHAT IS NOT COLLECTED OR TRANSMITTED
-
No credentials ever leave the network. For the agentless collector, discovery credentials are stored, encrypted on the collector VM only, and are never sent to Cloudamize.
-
No file contents, user data, or database records — only system metrics and the software inventory list.
-
No inbound connections from Cloudamize to your environment. All traffic is outbound-initiated from your network.
HOW DATA IS PROTECTED IN TRANSIT
Encryption: All data is sent over TLS 1.2 minimum (1.3 preferred); OpenSSL 3.0.0+ required. TLS 1.2 is refused. Assessment data stored within the Cloudamize platform is encrypted at rest using AES-256 encryption.
Single outbound path: HTTPS over TCP 443 to one regional endpoint (US / EU / UAE), directly or via a corporate proxy.
TLS-interception friendly: Certificate pinning is not used, so enterprise TLS-inspection gateways are fully supported.
PORTS REQUIRED FOR THE ASSESSMENT
Agent-based collection:
|
Target |
Port / Protocol |
Direction |
Purpose |
|---|---|---|---|
|
Cloudamize Endpoint |
TCP 443 (SSL/HTTPS) |
Outbound: Agent Server → Cloudamize Endpoint |
The only required port. Used to securely transmit all collected data directly or through an HTTP proxy. |
Agentless Data Collector (ADC):
|
Target |
Port / Protocol |
Direction |
Purpose |
|---|---|---|---|
|
Cloudamize Endpoint |
TCP 443 (SSL/HTTPS) |
Outbound: ADC → Cloudamize Endpoint |
Sends collected assessment data to Cloudamize. |
|
Windows Targets |
TCP 445 (SMB) |
Inbound: ADC → Windows Targets |
File sharing and WMI communication. |
|
Windows Targets |
TCP 135 (RPC Endpoint Mapper) |
Inbound: ADC → Windows Targets |
Establishes the initial RPC connection. |
|
Windows Targets |
Dynamic RPC – TCP 49152–65535 (Legacy: 1025–5000) |
Inbound: ADC → Windows Targets |
RPC data exchange after the initial connection on TCP 135. |
|
Linux Targets |
TCP 22 (SSH) |
Inbound: ADC → Linux Targets |
Used for Linux data collection. The SSH port is fixed and cannot be changed. |
Perimeter note: Only TCP 443 crosses the network perimeter and is outbound-initiated. The 445, 135 dynamic RPC port range and 22 rules are internal — inbound to the target servers from the ADC only. Cloudamize's backend does not initiate inbound connections to the environment.
Endpoints by region:
am.cloudamize.com (US)
am-de.cloudamize.com (EU)
am-ae.cloudamize.com (UAE)
SECURITY CHARACTERISTICS
-
Time-boxed collection.
-
No automatic updates after deployment.
-
Windows agent runs as SYSTEM, Linux agent as root, ADC uses a customer account.
Security and Compliance
Industry Compliance
Cloudamize follows industry-recognized security practices and compliance standards to help protect customer assessment data.
|
Compliance |
Status |
|---|---|
|
ISO 27001 |
✔ Certified |
|
SOC 2 Type II |
✔ Certified |
|
Annual Penetration Testing |
✔ Performed |
|
GDPR |
✔ Compliant |
|
GovCloud |
Supported (requires prior Cloudamize approval) |
|
HIPAA |
Not applicable (Cloudamize does not collect PHI/PII required for HIPAA scope) |
|
PCI |
Not applicable |
|
ITAR |
Not applicable |
Cloudamize infrastructure assessments do not collect Personally Identifiable Information (PII), Protected Health Information (PHI), or payment card data as part of the assessment process. Consequently, HIPAA, PCI DSS, and ITAR regulations are generally not applicable to the assessment platform.
Cloudamize does not collect application business data, user files, email content, database records, or other customer-generated content as part of an infrastructure assessment.
Data Residency
Assessment data is stored within AWS data centers based on the geographic region where the assessment is deployed.
Agent Security
The Cloudamize Agent is designed to provide comprehensive infrastructure discovery while maintaining a minimal impact on monitored systems.
Key characteristics include:
-
No system reboot is required during installation or operation.
-
Typical CPU utilization is approximately 0.5%, resulting in minimal performance overhead.
-
Built-in resource throttling automatically pauses or reduces collection activity if CPU or memory utilization exceeds predefined thresholds.
-
Data collection is performed by lightweight background services designed for continuous operation.
Agentless Security
For organizations that prefer not to install software on monitored systems, Cloudamize provides an Agentless data collection option.
The Agentless Collector securely gathers infrastructure information using standard operating system management protocols:
-
SSH for Linux systems
-
WMI for Windows systems
Collected data is securely transmitted to Cloudamize using encrypted TLS connections.
Unlike the Agent-based approach, management ports are required only between the internal Agentless Collector and customer systems. No inbound connectivity from Cloudamize into the customer environment is required.
Additional Security Resources
For the latest security certifications, compliance reports, and security documentation, visit the Cloudamize Trust Center.
If you have any queries, please get in touch with the helpdesk via our Helpdesk Portal or by email at helpdesk@cloudamize.com.