Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Policy Migration

Running PFMigrate

search

Please Note:

You are not viewing the most recent version of this page. 3.2.0 is the latest version available.

Running PFMigrate

Note

Prior to running the utility, it is assumed that there exists a ProtectFile client registered on a CipherTrust Manager with some active ProtectFile rules. Also, that you have gone through the Prerequisites for Using the PFMigrate Utility.

The pfmigrate utility is now ready to run.

  1. Navigate to the directory that you copied the pfmigrate utility into and run it, type:

    • In Linux, type: ./pfmigrate --productname <product-name> <mode>

    • In Windows, open a command prompt and run the pfmigrate.exe file as:

      pfmigrate.exe --productname <product name> <mode>

  2. The utility prompts you for the following information. Provide the answers at each step:

    • Enter IP address of the CipherTrust Manager from which you are importing CTE UserSpace data

    • Enter the port of the CipherTrust Manager from which you are importing CTE UserSpace data (Default 443).

    • Enter Web Server Certificate Fingerprint of the CipherTrust Manager from which you are importing CTE UserSpace data

    Note

    Copy the Web Server Certificate Fingerprint from CM, in Access Management > Registration Tokens.e}

    • Enter username of the CipherTrust Manager which is part of ProtectFile Admins and CTE Admins group

    • Enter the password of the CipherTrust Manager

    • Enter the domain of the CipherTrust Manager (optional)

    • Do you wish to migrate Network Shares configured with CTE linux clients? (Y/N)

    Note

    If yes then the utility will scan the current working directory for the Mapping.json file. Make sure you have edited the file before proceeding further.

    • Is the source CM, you are importing CTE data, different from the target server CM where you want to create CTE endpoints? (Y/N)

    Note

    For CTE-U v10.x, the utility expects the same set of key material on the target CM as that of the source CM.

  3. The pfmigrate utility runs.

The utility can take some time to finish. The utility creates a log of its operations in the file Migrations.log in the current directory. After it finishes, examine the log file for any errors. Also login to the CM and go through the configuration elements created by the utility.

The pfmigrate should have created at least one GuardPoint for each ProtectFile encryption rule, it will be in the disabled state. If they don’t exist, check the migration logs, rectify the cause, and run the pfmigrate utility again.

  • Production GuardPoint: Created in disabled state and used for applying production policy.

If you are migrating ProtectFile to CTE, there will be an additional GuardPoint created:

  • Transformation GuardPoint: Created in disabled state and used for data transformation. Used for applying the production policy.This policy helps encrypt future files as well as decrypting the content of the files based on access privileges.

On this page