立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 2.11 - TPAM Migration Guide

Collecting data and starting the migration

After the connection is made, you will select the entities (Systems/Accounts, Collections, and Users) to migrate, review the data, and then start the migration.

  1. After the Connected status displays on the Connection tab, click Select Data to Migrate. The Selection tab displays.

  2. On the Selection tab, select the entities to migrate from TPAM in the order you determined earlier (see Identify the order of migration).

    IMPORTANT: Do not migrate directory Assets and Accounts. After the migration, you can add them to Safeguard.

    If you select Accounts/Systems, you can migrate Account passwords or not:

    • Select Include Passwords to migrate the Account passwords.

      IMPORTANT: You must stop the password reset schedule on TPAM so account passwords are not reset by the schedule during the migration.
    • Leave Include Passwords clear to not include passwords in the migration. Later, you can perform another migration of Systems/Accounts and include the passwords or you can enter the passwords directly in Safeguard.

  3. Once the selections are made, click Collect Data.

    The message "Collecting data" displays along with a the number of objects collected and the total objects (e.g. 2 of 7).

    When collection is complete, the following message displays: "TPAM data collection complete." The number of records collected in the temporary database displays in parenthesis.

  4. You can migrate all the data or select records to be migrated. To view and potentially select records:
    1. Click .

    2. In the search field, enter characters to search all the fields and filter the results.
    3. Select the records that you want to migrate to Safeguard, if any. If you do not select records, all the records will be migrated. To toggle between viewing selected records or all records, click Show Only Selected or Show All.

      IMPORTANT: Do not migrate users that are in TPAM and Safeguard because permissions will be modified, the password will be reset, and other problems may occur.

    4. Click Save. The number of selected records and all records display in the parenthesis.

      NOTE: If you selected Systems, the number of accounts reflects the accounts for the selected Systems. For example, the collection may return 1000 Systems and 1300 accounts. If you select 300 of the 1000 Systems, there may be 500 accounts associated with the selected Systems.
  5. Export the data to a .csv file to review the data details prior to starting the migration.
    1. Click to export all entities or individual entities, as applicable.
    2. Save the file in the desired location. The .csv file name identifies the data is from TPAM (for example TPAM_Users_Export.csv).
    3. Review the TPAM .csv data before starting the migration. For example, you will see that a disabled designation for a Disabled user in TPAM carries over to Safeguard. You will also see the time zones are matched or, if there is no match, the default assigned. Columns on the right pertaining to the migration will be populated after the migration (for example, Is Valid and Is Exported).
  6. When the data is ready to migrate, click Start Migration.

  7. This message displays: "Overwrite data? Would you like to overwrite previously migrated data." Click Yes to overwrite the data or click No to migrate only data that is not already in Safeguard.

    During the migration, this message displays: "Migrating data to Safeguard...".

    IMPORTANT: Do not exit the migration tool. If you exit, the migration will stop and partial data may be migrated. If you do exit, you will need to start the migration again and overwrite existing Safeguard data.

    When the migration data is ready for your review, this message displays "Migration Complete." The number in parenthesis is the total migrated and the second represents all the records originally collected from TPAM. The bar represents the number of successful records (green), overwritten (yellow), and failed (red).

  8. When the migration processing is done, continue to Reviewing data and finishing the migration.

Reviewing data and finishing the migration

In the previous steps, the data was migrated from the temporary database to Safeguard for Privileged Passwords and this message displayed: "Migration Complete." Next, review the migration result, save passwords, and finish the migration.

  1. Click to see the following information:
    • The first line shows the number of total records, records successfully migrated, failures, and records over-written.
    • The following icons show the results for each record.

      Success: The data has been migrated to Safeguard.
      Failure: The data did not migrate to Safeguard.
      Overwritten: The data overwrote existing Safeguard data.
  2. Export the data to a .csv file to review the data details and migration process information.
    1. Click to export all entities or individual entities, as appropriate.
    2. Save the file in the desired location. The .csv file name identifies the data is from Safeguard (for example SGUsers_Export.csv).
    3. Review the .csv data file before finishing the migration. In addition to all the records migrated from TPAM to Safeguard, the columns on the right display migration information, including passwords. The order of the fields (below) may be slightly different based on the entity you selected.
      • Is Valid is TRUE if the data is valid per the checks or FALSE if, for example, there is an error mapping data.
      • Is Exported is TRUE if the data was exported to Safeguard or FALSE if the data was not exported.
      • Is Already Exists is FALSE if the data was not in Safeguard or TRUE if the data was in Safeguard at the time of migration.
      • Is Selected is TRUE for each record selected for migration by the user (or System if all records are migrated) and FALSE for records not selected.
      • Error Message describing any errors encountered in the migration.
      • Is Failed is FALSE if there is no error message or TRUE if there is an error message.
      • Password lists the generated user passwords.
    4. Save the .csv file so the Administrator can supply the generated passwords to the users, as needed.

      IMPORTANT: The password information is not retained after you complete the next step so the .csv file must be saved now.
  3. To finish the migration, click Done on the One Identity Migration Tool page.

  4. This message reminds you to export the .csv file displays: "Export Data. Would you like to export any migration data before finishing? User password information won't be retained after closing." If you have saved the migration .csv file, click No to finish the migration.

    You are returned to the Connection tab. You can start another migration, if desired. Or, you can sign out or close the utility.

Post migration activities

After the migration, Administrators may have activities to complete based on migration decisions and organizational procedures. The list that follows offers considerations for post migration activities.

  • Users
    • Permissions: The migration utility set user permissions to defaults. If necessary, change the defaults after the migration for users and groups.
    • Passwords: Distribute the randomly generated user passwords collected in the .csv file, as needed.
  • Assets (Systems in TPAM)
    • Asset account passwords: If the passwords were not migrated, set up passwords in Safeguard.
    • Directory assets or accounts: Use the Safeguard wizard to add directory assets and accounts to Safeguard.
    • Partitions: All migrated assets are placed in Safeguard's default partition profile. Change partitions, as necessary. TPAM partition data (including Users, Assets, Accounts, and so on) may need to be added to Safeguard.
    • Operating system platforms: Check the operating systems to ensure matches identified as "other" are assigned correctly in Safeguard.
  • Services and configurations the Administrators may want to consider adding or updating in Safeguard after the migration follow:
    • Access policy data
    • Account discovery
    • Affinity data
    • Archive servers / logs
    • Authentication services
    • Batch processing
    • Custom platforms
    • File or file group data
    • Generic integration
    • ISA policy
    • LDAP integration
    • Messages of the day
    • Password cache
    • Password check and change profiles
    • PSM connection profiles
    • PSM connection profiles data
    • Reporting data
    • Research
    • Restricted commands / management
    • Schedulers or jobs
    • Schedules
    • Session logs data
    • Session(s) data
    • Templates
    • Ticketing system
    • Users that are not local (for example, externally primary authenticated users)
相关文档