CentOS 7 migration target

This topic describes requirements for building the CentOS 7 migration target server.

Overview

The designated migration target server is built and loaded with A32.00 running on CentOS 7. As part of the upgrade/migration procedure, data is migrated to the target from the source server. Later, depending on the appliance type of the source server, either the target replaces the source as the system machine, or, the source is repurposed with A32.00 CentOS 7 and data is migrated back to it from the target.

Choose your migration target appliance type

Choose your migration target appliance type based on your source appliance type.

The choice of your target appliance type is based on your current source node appliance type. Use the table below to see list of available migration target appliance types.

The migration method shown in the table all depends on the source appliance types. After data is migrated to the target from the source, either:

  1. The migration target machine replaces the source machine (for other source node appliance types).

  2. The source is repurposed and data is migrated back to it (primarily for AlgoSec hardware appliances: 2063, 2203, 2403 source nodes).

Existing source appliance type

Migration target appliance type

Migration method

AlgoSec hardware appliances: 2063, 2203, 2403

  • Virtual appliance (temporary)
  • AlgoSec hardware appliances: 2063, 2203, 2403

  • Repurposed HA/DR machine1

Repurpose source machine. Migrate data back from target.

 

AlgoSec hardware appliances: 2062, 2162, 2322

or earlier

  • Virtual appliance (permanent)
  • Host based appliance (AWS/Azure image)2
  • AlgoSec hardware appliances: 2063, 2203, 2403

Discard source machine. Replace source machine with target. 3

Virtual appliance

 

  • Virtual appliance
  • Host based appliance (AWS/Azure image)2
Discard source machine. Replace source machine with target. 3

Host based appliance (AWS/Azure image)

  • Host based appliance (AWS/Azure image)2
Discard source machine. Replace source machine with target. 3

Native Linux server

(Note: Native Linux server is not supported in A32.00)

  • Virtual appliance
  • AlgoSec hardware appliances: 2063, 2203, 2403
  • Host based appliance (AWS/Azure image)

Discard source machine. Replace source machine with target. 2

1 Only AlgoSec hardware appliances: 2063, 2203, 2403 are supported. For data migration to DR machines, make sure the UL/DL datalink has sufficient bandwidth. AlgoSec Hardware Appliance 2063 requires RAM Upgrade. Consult with your support engineer.

2If you have Azure subscriptions setup on ASMS running a version prior to A32.00, after you upgrade ASMS to A32.00, and monitoring is disabled (globally or specifically for these subscriptions), perform the following for proper Azure analysis functionality: For each of the Azure subscriptions setup in ASMS, perform Device re-setup (Edit-Finish) in AFA Administration>Devices Setup.

3Target machine IP (or public IP) can be changed after the migration is complete using the change IP option from the Administration (algosec_conf) menu. For AWS, see Allocating an Elastic IP address.

Back to top

Migration target system requirements

  • Cores: must have same number of cores as the source CPU or more (8 cores minimum).
  • RAM: must match or be higher than the source (but 32 GB minimum).
  • Disk: Total disk space in the /data partition on target machine must match or be higher than the disk space on the /data partition on the source machine.

    Tip: If required for new VM appliances with insufficient space, we highly recommend that you extend your existing hard disk as opposed to adding additional hard disk(s). For steps, see Increase disk space of a new AlgoSec VM.

    Tip: Available disk space can found by running the following command in the CLI:

    df -h /data

  • Disk write speed: We recommend disk write speed of at least 300MB/s; system performance will improve as the speed increases. Minimum allowable is 80MB/s.

  • Bandwidth: for the NIC (Network Interface Card) minimum 100 Mbit/s. Recommended 1 Gbit/s.

  • License: target machine must have a valid license. Modules covered by the migration target license should match or exceed the source license.
  • Build numbers: ASMS builds (AlgoSec-appliance, AFA, AFF) must match between source and target machine.

    Note: if AFF is not in use, nor is configured, AFF build versions can differ on source and target machine.

  • Physical appliances: only new or repurposed AlgoSec hardware appliances: 2063, 2203, 2403 can be deployed as target servers. (2063 requires RAM Upgrade. Contact your sales representative).
  • Virtual appliances: the newest VMware Tools package version must be installed and up-to-date. See Best practices for your AlgoSec VMware Deployment .

  • Ports: Any firewalls between source and target should allow traffic between the following ports:

    Type
    Port
    ICMP  

    SSH

    TCP/22
    HTTPS TCP/443
    postgrsql TCP/5432
    HA/DR TCP/9595

    Ensure that the target machine has connectivity to external servers if they're defined in the source machine, as follows:

    Type
    Port
    Mail server TCP/25 (or customer-defined port)

    NAS server

    TCP/2049

     

Back to top