Non-IBM Disclaimer

The postings on this site are my own and don't necessarily represent IBM's positions, strategies or opinions.

Friday, February 9, 2018

DataPower migration

The following technote outlines lifecycle dates for DataPower hardware appliances. In a nutshell, currently there are numerous DataPower hardware appliances that are supported under IBM S&S contract:
  • XG45, XI52 and XB62 will be end of life on Dec 31, 2019
  • IDG has no end-of-life date published yet. However, since the GA was on Nov 2014, the EOS date might be published soon. (UPD - IDG end-of-service and end-of-life dates were published - June 30, 2023).
  • New IDG X2 has been recently announced and generally available as of March 2018 or June 2018, depending on if HSM module is required or not.

IBM support beyond the end-of-life date might be possible, however, customers would need to purchase an extended support option, which is not always available and might not be cost effective. An alternative would be migrating to supported hardware or virtual models. Migration should be carefully planned and coordinated with various internal teams (network, business, security etc), external partners and customers. Overall, the migration process consists from the following stages:
  • initial installation - rack mounting, network, firmware upgrades.
  • moving all configuration from old appliances - probably using Secure Backup & Secure Restore capability. Otherwise, if migrating manually, it might require significant effort especially with the crypto files i.e. certificates and private keys
  • making changes due to the destination appliance characteristics. For example, the ETH naming convention in IDG appliances was changed comparing to previous 9235 type and migrating from older appliances required manual adjustments.
  • testing - make sure the migration didn't cause any new issues.
  • official go live.

Note, as for DataPower XG45 and XI52 virtual appliances - it is possible to convert old models into IDG using IBM provided tool.

 Some questions to consider while planning the migration:
  1. Is it possible to use the secure backup option for the migration?
  2. If going the export configuration path, are all the crypto files available externally to the old DataPower appliance?
  3. Do you prefer the same day cut over migration or coexistence? Each option has different impacts and requirements from the IT perspective.
Are you ready for this End Of Support? Feel free to reach out with any question.

Useful links:
  1. Secure Backup/Restore considerations
  2. Disabling a feature/module  
  3. Migrating a physical DataPower appliance to a virtual edition
Posted by No comments:
Labels: , , ,
Subscribe to: Posts (Atom)