Non-IBM Disclaimer

The postings on this site are my own and don't necessarily represent IBM's positions, strategies or opinions.

Tuesday, March 15, 2022

DataPower Refresh from physical to virtual

Introduction

This document provides a high-level overview of the DataPower migration project, also known as the DataPower Refresh project. It covers migration from physical (hardware) DataPower appliances to the virtual (VM, Docker, Linux service) DataPower form factors. It is not meant to be a step-by-step implementation guide but rather a list of topics to discuss and consider as part of migration planning. The migration should be performed by a certified DataPower SME.

General

  1. It is recommended to perform the process as a lift and shift, migrating a whole appliance at a time rather than breaking it down into groups of services, applications, or application domains.
  2. It is generally recommended to perform the migration without making any additional changes (firmware upgrades, etc.). If such changes are required, work on them before the migration begins.
  3. Because the migration is performed between different DP appliance form factors, the Secure Backup method can’t be used; the migration should therefore use the Export/Import Configuration feature.

Review current DP implementation

  1. Review architecture, network, HSM, and security implementation.
  2. Review service implementation.
  3. Check if there are any stateful services in use.
  4. Review chained services.
  5. Review any non-exportable configuration, e.g. IPMI settings, local user accounts, cryptographic files in crypto folders, keytab and LTPA files, keys on HSM. Password Aliases might be missing as well, depending on the Domain Settings for password handling.
  6. Check if there are any custom files in the store folder.
  7. Make sure all crypto files in use are available externally, as these aren’t part of the configuration export. If files are missing, plan the generation and deployment of new files with the client before the migration.
  8. Check the firmware version in use vs the destination DP version requirements. Should firmware on the source DP be upgraded? Should firmware on the destination DP be downgraded?
  9. If a firmware upgrade is required, check the deprecated and removed features in the new version and whether there is any impact on the current configuration.
  10. Make sure the optional modules used by the current DP implementation are supported on the destination DP form factor.
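
One way to check items 5 and 7 before the migration, as an added example that is not part of the original post: scan an exported configuration for `cert:///` and `sharedcert:///` references and report any file that is not in the set held outside the appliance. The sample export fragment, its element names, and the staged inventory are constructed for illustration; keys held on an HSM are out of scope for this check.

```python
import re

# Crypto folders are addressed as cert:/// and sharedcert:/// URIs. The scan is
# text-based, so it does not depend on which object type holds the reference.
CRYPTO_URI = re.compile(r'\b(cert|sharedcert):///([^\s<>"\']+)')

def referenced_crypto_files(export_xml):
    """Return the set of (folder, filename) pairs referenced in the export."""
    return {(m.group(1), m.group(2)) for m in CRYPTO_URI.finditer(export_xml)}

def missing_crypto_files(export_xml, staged):
    """List referenced crypto URIs that are absent from the staged inventory.

    `staged` maps a crypto folder name to the file names that are available
    externally and ready to upload to the destination appliance.
    """
    missing = []
    for folder, name in sorted(referenced_crypto_files(export_xml)):
        if name not in staged.get(folder, set()):
            missing.append(f"{folder}:///{name}")
    return missing

# Constructed sample: a trimmed fragment in the style of a domain export.
SAMPLE_EXPORT = """
<datapower-configuration version="3">
  <configuration domain="payments">
    <CryptoKey name="gw-key"><Filename>cert:///gw-key.pem</Filename></CryptoKey>
    <CryptoCertificate name="gw-cert"><Filename>cert:///gw-cert.pem</Filename></CryptoCertificate>
    <CryptoCertificate name="root-ca"><Filename>sharedcert:///corp-root.pem</Filename></CryptoCertificate>
    <CryptoCertificate name="gw-cert-copy"><Filename>cert:///gw-cert.pem</Filename></CryptoCertificate>
  </configuration>
</datapower-configuration>
"""

# Constructed inventory of files recovered from external storage.
STAGED = {"cert": {"gw-cert.pem"}, "sharedcert": {"corp-root.pem"}}

if __name__ == "__main__":
    for uri in missing_crypto_files(SAMPLE_EXPORT, STAGED):
        print("not staged, plan recovery or regeneration:", uri)
```

Run it per application domain export; anything it lists has to be recovered or regenerated before the import step.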

Devise migration plan

  1. Plan the migration approach - lift and shift vs coexistence.
  2. Aim to avoid downtime (different techniques available for cluster and standalone implementations).
  3. Plan how to stop DP from receiving new workloads. Consider the following scenarios:
    • External clients initiate inbound connections to DP – direct or through NLB.
    • DP initiates outbound connections for messaging, file transfer, etc.
    • External systems communicate with DP using non-application means.
    • Cache and persistent connections.
    • Quiesce.
  4. Plan whether any configuration external to DP should be addressed, e.g. new IP addresses, NLB configuration, etc.
  5. Plan for firewall rule changes for inbound requests - API consumers, monitoring, jumpbox, DPOD, etc.
  6. Plan for firewall rule changes for outbound calls - API backends, LDAPs, monitoring, DPOD, etc.
  7. Plan default domain migration.
  8. If required, plan for cloning of the destination DP appliances.
  9. Plan post-migration testing strategy:
  10. External clients initiate inbound connections to DP – direct or through NLB.
    • How to tell if a transaction failed due to the migration?
    • How to tell if an object is down due to the migration?
  11. Decide about the period of post-migration support.
  12. Review and sign off the migration plan and coordinate tasks with the different teams.

Migration process

  1. Make sure you have physical access to the old DP appliances.
  2. Work according to the devised migration plan.
  3. Upload crypto files.
  4. Import configuration.
  5. Sanity testing.
  6. Regression testing.
  7. Cut over to the target deployment.
