PFMigrate Utility Modes
Different modes of PFMigrate
PFMigrate has three modes which you can call through the following flags:
Mode | Flag | Description |
---|---|---|
Create | -c | Creates input files for migration. |
Dry run | -d | Allows you to preview the output. |
Help | -h | Displays help information for pfmigrate. |
Version | -v | Displays the current version. |
Create Mode
This mode is used to create a sample file for migrating the clients from PF to CTE. Thales recommends that you run this mode before the Dry Run or Normal mode. This creates a file containing all of the clients present in PF. If you want to migrate only specific clients, than edit this file as needed. This mode creates a sample file: pfClientInfo.json
Example of pfClientInfo.json
[root@myvm PFMigrate] #cat pfClientinfo.json
Response:
"name": "JenkinsTest-c2a39e5cfbc3", "id": "7b4d60e3-b678-4aad-8672-780cl434a8c5", "ipHostname": "10.164.14.166", "isBootstrapped": true
Dry Run Mode
Dry Run mode is a simple validation mode to check if all of the added clients can be migrated. It runs a validation for all of the clients listed in the pfClientInfo.json
file to check if those clients can be migrated to CTE.
Thales recommends that you run in Dry Run mode before migrating the clients to CTE. When you run the utility in this mode, a Dry Run Report is generated. It produces a DryRun report, which contains a summary of clients that can be migrated successfully and those that will not be successful.
Example of Dry Run Report
[root@myvm PFMigrate] #cat DryRunReport
Response
[DryRun Mode] 2022/01/13 10:56:51 ---------------DryRun Report------------------------ [DryRun Mode] 2022/01/13 10:56:51 [DryRun Mode] 2022/01/13 10:58:38 [DryRun Mode] 2022/01/13 10:58:38 ---------------SUMMARY------------------------------ [DryRun Mode] 2022/01/13 10:58:38 Number of PF Clients: 2 [DryRun Mode] 2022/01/13 10:58:38 Number of failed CTE Clients: 0 [DryRun Mode] 2022/01/13 10:58:38 Number of successfully migrated CTE Clients: 2 [DryRun Mode] 2022/01/13 10:58:38 ------------------------------------------------- [DryRun Mode] 2022/01/13 10:58:38
Normal Mode
When the utility is executed in this mode, all the clients mentioned in pfClientInfo.json will be migrated to CTE. This mode first migrates all the access policies and after that it migrates the client, following that it migrates the encryption policies.
For each encryption policy in ProtectFile, two corresponding CTE policy is created. One is transform policy and one the actual encryption policy. If any client name had to be modified due to CTE naming convention then it is mentioned in the description field that the client has been migrated from PF client with name mentioned in it. Its even possible to check the mapping from the mapping file created at the completion of migration from PF to CTE. The mapping file is PfCteMapping.json
Example of Mapping.txt
[root@myvm PFMigrate] #cat PfCteMapping.json
Response
{ "mapping": [ { "pf_client_name": "Explorer c81d6a59al6", "cte_client_name": "explorer_c81d6a59al6" }, { "pf_client_name": "Win-Acceptance_db9c2e65746", "cte_client_name": "win-acceptance_db9c2e65746" } ] }{ "mapping": [ { "pf_client_name": "JenkinsTest-c2a39e5cfbc3", "cte_client_name": "jenkinstest-c2a39e5cfbc3" }, { "pf_client_name": "JenkinsTest-76f6d35b051e", "cte_client_name": "jenkinstest-76f6d35b05le" }, { "pf_client_name": "JenkinsTest-43b285028c16", "cte_client_name": "jenkinstest-43b285028cl6" }, { "pf_client_name": "JenkinsTest-7a63e0830ffc", "cte_client_name": "jenkinstest-7a63e0830ffc" } ] }