PlateSpin Migrate Connector for PlateSpin Transformation Manager provides an interface between a single PlateSpin Transformation Manager server and one or more PlateSpin Migrate servers to automate the execution of large-scale data center transformation projects. After you create transformation plans for workloads in PlateSpin Transformation Manager, PlateSpin Migrate Connector reads them and creates migration tasks for the workloads on assigned PlateSpin Migrate servers. The connector manages and monitors the workload migrations across all PlateSpin Migrate servers, and reports the migration workflow status to PlateSpin Transformation Manager.
This document provides information about installing and configuring the connector.
PlateSpin Migrate Connector supports Windows and Linux workload migration for the following transformation types:
Physical to virtual (VMware)
Virtual (VMware) to virtual (VMware)
PlateSpin Migrate Connector provides several advantages for planning, managing, and executing workload transformation projects:
Automatically discovers source workload information
Automatically discovers target hosts (VMware clusters only)
Automates the execution of workload migrations
Allows for a high level of workflow customization
Allows you to use Python scripting to create custom callouts that validate migration data and automate test phases
Allows a user to track the progress of workload migrations on many PlateSpin Migrate servers in a single console
PlateSpin Migrate Connector for PlateSpin Transformation Manager requires the following hardware, software, and network settings in your data center environment.
You deploy PlateSpin Migrate Connector on your own server running SUSE Linux Enterprise Server (SLES) Service Pack 4 (SP4). You can install the connector on the PlateSpin Transformation Manager 1.0 Appliance VM, or on a separate SLES 11 SP4 server in your network environment.
This release connects the following products that are installed in the same data center environment:
PlateSpin Transformation Manager 1.0
For information about this product, see the PlateSpin Transformation Manager Documentation website.
PlateSpin Migrate 12.1
PlateSpin Migrate Connector can connect to one or more PlateSpin Migrate servers. See Section 7.0, Configuring Connection Information for PlateSpin Migrate Servers.
IMPORTANT:If the Role service WebDAV Publishing is installed on the PlateSpin Migrate server, uninstall it from Server Manager > Roles > Web Server (IIS) > Role Service > Common HTTP features > WebDAV Publishing.
For information about this product, see the PlateSpin Migrate Documentation website.
PlateSpin Migrate Connector requires network connectivity to the PlateSpin Transformation Manager server, the PlateSpin Migrate servers, and all of the workloads and target hosts to be discovered. For workload discovery, certain ports must be open in firewalls for the source workloads and target hosts to be discovered. For information about the software, network, and firewall requirements for discovery of sources and hosts, see Requirements for Discovery
in the PlateSpin Migrate 12.1 User Guide.
For secure HTTPS connections between PlateSpin Migrate Connector and PlateSpin Transformation Manager, you must modify the Jetty SSL settings on the PlateSpin Transformation Manager Appliance VM to update it with the latest recommended security settings. This update addresses the Logjam attack and avoids the ssl_error_weak_server_ephemeral_dh_key error in recent browsers.
To update the Jetty SLL settings for the appliance:
Log in to the PlateSpin Transformation Manager Appliance VM with the vaadmin or root user account.
In a text editor, open the /opt/microfocus/ps_transform_mgr/jetty/etc/jetty-ssl.xml file.
In the ExcludeCipherSuites array, locate the following line:
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
Immediately below this line, add the following lines to disable the cipher suites with Diffie-Hellman key exchange:
<!-- Disable cipher suites with Diffie-Hellman key exchange to prevent
Logjam attack and avoid the ssl_error_weak_server_ephemeral_dh_key error in
recent browsers -->
<Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
After the change, the contents of the file should look like this:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<!-- ============================================================= -->
<!-- Configure a TLS (SSL) Context Factory -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- and either jetty-https.xml or jetty-spdy.xml (but not both) -->
<!-- ============================================================= -->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>
<Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>
<Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
<!-- Disable cipher suites with Diffie-Hellman key exchange to prevent Logjam attack
and avoid the ssl_error_weak_server_ephemeral_dh_key error in recent browsers -->
<Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA256</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
</Array>
</Set>
<!-- =========================================================== -->
<!-- Create a TLS specific HttpConfiguration based on the -->
<!-- common HttpConfiguration defined in jetty.xml -->
<!-- Add a SecureRequestCustomizer to extract certificate and -->
<!-- session information -->
<!-- =========================================================== -->
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
</Call>
</New>
</Configure>Save the file, then close the text editor.
In a terminal console, restart PlateSpin Transformation Manager by entering
rcps_transform_mgr restart
For successful host discovery, you must configure certain fields in PlateSpin Transformation Manager for each host to be discovered:
Name
IP/DNS Name
Credentials (must be valid)
Hypervisor (VMware only)
Cluster Name
If a host discovery fails, it will automatically retry every 25 minutes (configurable).
For successful source workload discovery, you must configure certain fields when you import information for each workload to PlateSpin Transformation Manager:
FQDN or Hostname
Type (Physical or Virtual)
Username
If the workload belongs to a domain and domain credentials are required for logon, ensure that you enter the workload username in the down-level logon name format <NetBIOS_domain_name>\<username>, such as CORPDOM\Administrator.
Password
Operating System
PlateSpin Migrate Connector 1.0 is available for download on the PlateSpin Transformation Manager 1.0 Download page on the NetIQ Downloads website. Download the platespin-migrate-connector-1.0.0-3.noarch.rpm file.
Complete the following steps to install PlateSpin Migrate Connector.
Log in to the SLES 11 SP4 server with a local administrator account.
Copy the platespin-migrate-connector-1.0.0-3.noarch.rpm file that you downloaded to a location on the server.
Open a terminal console, then install the RPM:
rpm -ih platespin-migrate-connector-1.0.0-3.noarch.rpm
Continue with Section 5.0, Configuring PlateSpin Migrate Connector.
Complete the following steps to configure PlateSpin Migrate Connector.
Log in to the SLES 11 SP4 server with a local administrator account.
In a text editor, open the /opt/microfocus/migrate_connector/config/settings.cfg file.
Configure the values in the top section called [PlateSpin Transformation Manager Server].
|
Option |
Description |
|---|---|
|
ptm_api_url |
Specify the URL of the REST API on your PlateSpin Transformation Manager server. For example, if you install PlateSpin Migrate Connector on the appliance, the URL is https://localhost:8183/restapi |
|
ptm_username |
Specify the email address of a valid user account on your PlateSpin Transformation Manager server that has been assigned a System Administrator role. NOTE:We recommend that you create a dedicated user account in PlateSpin Transformation Manager for the connector to use. We recommend System Administrator privileges for the account in order to allow PlateSpin Migrate Connector to execute on any project. The user account must have at least Project Architect level privileges for the projects on which the Connector should execute. See |
|
ptm_password |
Specify the password for the user account. |
|
verify_ptm_ssl_cert |
Specify whether you want to require the certificate to be validated for connections to the PlateSpin Transformation Manager server. Valid values are false or true. The default is to disable validation (false). |
(Optional) View the default settings for the connector, and modify the settings to values that are appropriate for your environment.
Save the file, then exit the text editor.
Start or restart PlateSpin Migrate Connector. See Section 6.0, Starting PlateSpin Migrate Connector.
Log in to the SLES 11 SP4 server with a local administrator account.
In a terminal console, start the integration by entering:
rcps_migrate_connector start
The connector connects immediately with your PlateSpin Transformation Manager server and begins processing data.
(Optional) View the log file at /var/opt/microfocus/migrate_connector/logs/migrate-connector.log.
You provide connection information about the PlateSpin Migrate servers on the Resources > Migration Servers tab in PlateSpin Transformation Manager. See Managing Migration Server Resources
in the PlateSpin Transformation Manager User Guide.
If a failure occurs at any step during the workload discovery workflow or migration workflow, an error message appears at the top of the workload’s Transformation Plan dialog in PlateSpin Transformation Manager. Mouse over the error message to view a tooltip with additional troubleshooting details.
Our goal is to provide documentation that meets your needs. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the PlateSpin Transformation Manager Documentation website, or email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2016 NetIQ Corporation, a Micro Focus company. All Rights Reserved.