|
IMPORTANT: Contact One Identity Professional Services to acquire the tool for TPAM migration and receive guidance specific to your organization. The tool and custom support is not available through One Identity Support. |
The TPAM to Safeguard Migration Guide includes step-by-step instructions for migrating data from TPAM to Safeguard for Privileged Passwords as well as what to consider before and after the migration.
The following elements can be selected for migration.
Accounts and Systems relationships are migrated to Safeguard. Systems (Assets) are set up on a default partition profile and Accounts are tied to the Systems (Assets) migrated.
The following versions are required to perform the TPAM to Safeguard migration:
Activities to complete before performing the migration follow.
Plan the timing of the migration. Once started, if you close the migration tool, the migration will stop and partial data may be migrated.
Before starting the migration, ensure you have planned for post migration activities. For more information, see Post migration activities.
You can migrate Systems/Accounts, Collections, and Users from TPAM all at once. Or, you can perform the migration in smaller increments by entity or records in an entity. Some Administrators prefer migrating smaller datasets because of the shorter timeframes, ease of checking smaller datasets, and impact on the organization.
Follow these guidelines as you determine how you will migrate the data:
Systems/Accounts: Systems/Accounts must be migrated before Collections so the Collections can be assigned to Safeguard Systems/Accounts. Accounts can be migrated with or without passwords. For example, you may migrate Accounts without passwords, check the data, and then migrate the passwords. Or, you may want to enter passwords directly in Safeguard.
|
IMPORTANT: Before migrating account passwords, stop the TPAM password reset schedule to prevent the account passwords being reset by the schedule while the migration is in progress. |
To perform the migration, you will need the following permissions.
TPAM permissions: The User must be a CLI (command line interface) user in TPAM with ISA permissions to pull asset account passwords in TPAM and pass the asset account passwords to Safeguard.
Safeguard permissions: The User must have Asset Administrator, Security Policy Administrator, and User Administrator permissions in Safeguard.
TPAM authentication requires an SSH key. You will be asked to enter the SSH key file path (for example, a .txt file) before migrating data.
Ensure the correct platform is part of the Asset.
The file “platform_mapping.json” is included with the migration tool for customization of the Systems (assets) mappings.
If Safeguard contains custom Systems, modify the mapping file to include corresponding TPAM and Safeguard Systems (assets).
The JSON file includes a list of keys with corresponding value objects where key is the name of the System (asset) in TPAM and the corresponding value is an asset name and type from Safeguard.
“<Key>”: {“PlatformType”: “<SafeguardAssetType>”,
"DisplayName": “<SafeguardAssetName>”},
"HP ILO2": {"PlatformType": "HPiLO",
"DisplayName": "HP iLO 2 x86"},
"HP ILO3": {
"PlatformType": "HPiLO",
"DisplayName": "HP iLO 3 x86"},
"Linux": {
"PlatformType": "LinuxOther",
"DisplayName": "" },
If system type (PlatformType) in Safeguard is unique (for example, “Linux”), there is no need for DisplayName, but if the system type is not unique (for example, “HPiLO”), the display name needs to be added to make the target system unique.
A list of Safeguard assets can be obtained using Swagger:
https://<Server Name Or IP>/service/core/swagger/ui/index#/Assets
The list of TPAM assets follows.
AIX |
AIX LDAP |
AS400 |
BoKS |
BoKS Linux |
Cache Server |
CheckPoint SP |
Cisco ACS |
Cisco CATOS |
Cisco PIX |
Cisco Router (tel) |
Cisco Router (ssh) |
Cyberguard |
DELL iDRAC 8, 9 |
Dell Remote Access |
DPA |
ForeScout CounterAct |
Fortinet |
Fortinet 5 |
FreeBSD |
HC3 |
HP Non-stop |
HP- ILO |
HP - ILO2 |
HP - ILO3 |
HP - ILO4 |
HP - NonStop |
HP-UX |
HP-UX Shadow |
HP US Untrusted |
IBM Datapower |
IBM HMC |
JunOS |
LDAP |
LDAPS |
Linux tty |
Mac 10.4 |
Mac 10.5, 19.6 |
Mac 10.7 - 10.11 |
Mainframe |
Mainframe (ACF2) |
Mainframe LDAP ACF2 |
Mainframe LDAP RACF |
Mainframe LDAP TS |
Mainframe TS |
MS SQL Server |
MySQL |
MySQL 5.6,5.7 |
Net App Filer |
NetScreen |
NIS Plus |
Nokia IPSO |
Nokia IPSO 6.X |
Novell NDS |
OpenVMS |
Oracle (Legacy) |
Other |
PAN-OS |
POS 4690 |
ProxySG |
PSM ICA Access |
PSM Web Access |
SAP |
SCO |
Solaris |
Sonicwall (SonicOS) |
SPCW |
SPCW (DC) |
SPCW 2 |
SPCW (DC) 2 |
SPCW Pwd |
Stratus VOS |
Sybase |
Teradata |
Tru64 Enhanced Sec. |
Tru64 Untrusted |
Unixware |
Unixware 7.x |
VMware Vsphere |
Windows |
Windows Active Dir |
Windows Desktop |
Follow the steps below to launch the One Identity Migration Tool. Make sure you have the Safeguard for Privileged Passwords and TPAM IP addresses for authentication.
Click Connect to go to the login screen.
NOTE: If the appliance does not have a secure certificate, the following standard message displays: "This site is not secure. This might mean that someone's trying to fool you or steal any info you send to the server. You should close this site immediately." If you know the site is secure, click More information then click Go on to the webpage (not recommended) to accept the certificate. |
© ALL RIGHTS RESERVED. Términos de uso Privacidad Cookie Preference Center