IBM Support

Migrating from a Type 9235 IBM WebSphere DataPower appliance to a Type 7198 or 7199 appliance

Technote (FAQ)


Question

How do you move your configuration from a Type 9235 DataPower appliance to a Type 7198 or 7199 appliance?

Answer

Type 7198 and 7199 hardware
The Type 7198 appliance is a 1U rack-mountable appliance. All technical specifications of the Type 7198 appliance can be found in announcement 111-153.

The Type 7199 appliance is a 2U rack-mountable appliance. All technical specifications of Type 7199 appliance can be found in announcement 111-069.

Among the differences that should be taken into account when preparing to migrate:

  • The power consumption and cooling system requirements.
  • The number of Ethernet connections.
    • Type 7198 appliances have six Ethernet connections. The management ports are labelled MGT0 and MGT1. The Ethernet interface names are ETH10 through ETH13, ETH20, and ETH21.
    • Type 7199 appliances have ten Ethernet connections. The management ports are labelled MGT0 and MGT1. The Ethernet interface names are ETH10 through ETH17, ETH20, and ETH21.
  • The location of CRU parts. Except for the power supply unit and the fans, most CRU parts are in the front of the appliance.
  • The serial console connector is an RJ45 connector. Use the RJ45-to-RS232 cable provided for serial connection.

Overview

You can migrate your configuration from a Type 9235 appliance to a Type 7198 or 7199 appliance using either of the following methods:
  • Export and import
  • Secure backup and restore

Regardless of each method, host aliases can help simplify the work required in migration as they allow any service that binds to a particular IP address to bind to a local host alias For more information see the topic Host Aliases in the knowledge center

The best practices and restrictions with each method are outlined in the following sections.

Export and import

To migrate your configuration using export and import, you can export your configuration on your current appliance, import this configuration into the new appliance, and then manually recreate the non-exportable configuration objects. The following restrictions apply:
  • Ethernet interfaces: Because the names of the Ethernet interface are different, you will see error messages during the import operation that indicate that the Ethernet interfaces do not exist . You will need to reconfigure the Ethernet settings. In other words you will want to be nearby the appliance with a serial cable to reconfigure the ethernet interfaces. If the ethernet interfaces are already configured as you like you may be able to avoid having to reconfigure the interfaces by not importing the default domain from your export.
  • Keys and certificates: The export and import process does not include the cryptographic material, so you must regenerate and upload all the keys and certificates to the Type 7198 or 7199 appliance. Also, all objects using these keys and certificates are in the "down" state. After the keys and certificates are regenerated and uploaded, reboot the appliance (or restart the domain) to make sure all objects are in the "up" state.
  • Hardware security module: On HSM-equipped appliances, private keys exported from Type 9235 appliances cannot be imported on to a Type 7198 or 7199 appliance. The HSM must first be initialized using the procedures documented in the DataPower Knowledge Center under Hardware Security Module. Then, you must regenerate and upload all the keys to the HSM.
  • Deployment policy: If you are migrating an appliance and do not intend to use the same IP addresses as the old appliance, you may want to consider using deployment policies to minimize the changes required for your configuration. For more information about deployment policies see the topic Deployment policies in the knowledge center.
  • Migration path:
    • To migrate from a Type 9235 XS40 appliance to a Type 7198 XG45 appliance:
      • With firmware version 4.0.2.0 and later, export and import is supported
      • With firmware version 4.0.2.1 and later, secure backup and restore is supported
    • The secure backup and restore is not supported to migrate from a Type 7198 or 7199 appliance to a Type 9235 appliance.

Secure backup and restore

To migrate your configuration using the secure backup and restore, the Type 9235 appliance must have disaster recovery mode enabled. To determine if disaster recovery is available, click AdministrationDeviceSystem Settings. If the Backup Mode property is set to Secure, disaster recovery is available.

The following restrictions apply when using secure backup and restore to migrate to a Type 7198 or 7199 appliance:
  • Firmware: The firmware version must be the same. You must first upgrade the Type 9235 appliance to the same firmware version as on the Type 7198 or Type 7199 appliance before performing the secure backup and restore.
  • Platform: The platform must be the same. The following migrations are supported
    • Type 9235 XS40 to Type 7198 XG45
        Note: Secure backup and restore is supported from a Type 9235 XS40 appliance to a Type 7198 XG45 with firmware version 4.0.2.1 and later. With firmware version 4.0.2.0, use export and import .
    • Type 9235 XI50 to Type 7199 XI52
    • Type 9235 XB60 to Type 7199 XB62
  • Hardware security module: On HSM-equipped appliances, the private keys on the HSM are not included in the secure backup.

After the restore completes, you must modify the following configuration:
  • Ethernet interfaces: Because the Ethernet interface names are different, you will need to reconfigure the Ethernet settings. In other words you will want to be nearby the appliance with a serial cable to reconfigure the ethernet interfaces
  • Hardware security module: On HSM-equipped appliances, private keys exported from Type 9235 appliances cannot be imported on to a Type 7198 or 7199 appliance. The HSM must first be initialized using the procedures documented in the DataPower Knowledge Center under Hardware Security Module. Then, you must regenerate and upload all the keys to the HSM.
  • TAM configuration file: TAM configurations must each have a unique set of configuration files so that no two TAM clients in the environment share the same files. This might require you to generate a new set of files for the TAM configuration files on the newly restored appliance.
  • iSCSI volume: The iSCSI volume needs to be re-enabled.

Related information

Knowledge Collection: How to upgrade DataPower firmware
Back up / export / import DataPower configuration
Host Aliases

Cross reference information
Segment Product Component Platform Version Edition
Business Integration WebSphere DataPower Integration Appliance XI52
Business Integration WebSphere DataPower B2B Appliance XB62
Business Integration WebSphere DataPower Service Gateway XG45

Document information

More support for: IBM DataPower Gateways

Software version: 4.0.2, 5.0.0, 6.0.0

Operating system(s): Firmware

Reference #: 1516505

Modified date: 12 December 2011