Prerequisites for Using the PFMigrate Utility
Prerequisites
Obtain the following details for the CipherTrust Manager to which the clients are attached:
-
CipherTrust Manager IP Address.
-
CipherTrust Manager port (by default it's 443).
-
Web Server Certificate Fingerprint of CipherTrust Manager from which you are importing the legacy data.
-
Username for CipherTrust Manager Administrator.
-
Password for CipherTrust Manager Administrator.
-
Domain for CipherTrust Manager, (by default its root).
-
The path of the ProtectFile share for the mount point mapping file
Prerequisites for Running the PFMigrate utility
Network Access
CipherTrust Manager must be reachable through port 443 from where you are running the pfmigrate
utility. If you cannot communicate through the port, fix that issue before proceeding.
Permissions
You can run the pfmigrate
utility from any Windows or Linux client that can access CipherTrust Manager. You can run it as any user and it does not require root or administrator privileges.
It can migrate the ProtectFile to CipherTrust Transparent Encryption/CTE UserSpace configuration elements on the same CipherTrust Manager which hosts the ProtectFile configuration. Alternatively, you can choose a different CipherTrust Manager for the CTE-U configuration.
Create a Mapping File
A mapping file is only required for Linux file servers that have encryption rules on NAS paths.
The mapping file is a JSON file that associates the share names, as they are defined in CipherTrust Manager, to their mount path on the file servers. The mapping file should contain an entry for each NAS share. A sample format for the mapping file is provided in Client Mapping.
If there are network shares configured on ProtectFile clients, you must create a mapping file in JSON format to map pf_share_id
to mount_point
(on client machine). Sample mapping file is as follows:
{
"mapping":[
{
"pf_share_name": "share1",
"mount_point": "/mnt/nfs/employee"
}
]
}
-
To create the map file, type:
./pfmigrate –c