Problem

Axway is deprecating the support of the IBM AIX operating system for SecureTransport. We will stop releasing regular updates for this platform starting in April 2024. The last fresh installation package for AIX will be available in October 2023. Update packs will be available until April 2024.

Customers who have installed SecureTransport on an AIX platform must migrate to a different operating system. Axway recommends that the target OS is a Linux platform.

This article lists the steps you need to take to migrate an existing SecureTransport instance from IBM AIX OS to Linux OS.

Resolution

Guidelines and Restrictions

• You can use SecureTransport’s Import/Export Account feature to export the account information and settings from AIX to Linux deployments. The export includes only account information.
• The account export file does not contain any transfer historical data and log records.
• Importing server configuration from an AIX to a Linux instance of SecureTransport is not supported. Doing so will cause issues with the Linux instance. The server configuration must be performed manually on the Linux side for all backend and Edge nodes.
• Transfer Sites and AR Steps plugins are part of the accounts and are therefore included in the account export. The Authorization and Authentication plugins are part of the server configuration and must be migrated manually.
• Do not migrate any custom TM Rules. This feature is deprecated and no longer supported.

Preliminary steps

1. Update the SecureTransport AIX environment (both Backend and Edge, and all cluster nodes in the case of cluster) to the latest SecureTransport version at the moment of migration.
2. Prepare a Linux OS environment running a supported Linux OS for SecureTransport operations.
3. Install the same SecureTransport version that you used in step #1 on top of the (Linux) environment you prepared in step #2.
4. Manually configure your new environment’s SecureTransport Servers and Edges. This includes, but is not limited to installing licenses and configuring:
   • the cluster
   • streaming connections
   • protocol daemons
   • SSL
   • authentication
   • Adhoc settings
   • Password Policies
   • Mail Templates
   • User Classes
   • Restrictions
   • LDAP domains
   • SSO configuration
   • custom Web Client themes
   • customized Server Configuration settings
   • Sentinel configuration
   • ICAP servers
   • etc.
   Also, consider any additional changes in the Server Configuration options (for example, tuning parameters, allowed ciphers, sandbox folder location, etc.).
   CAUTION! Do not use SecureTransport’s Import/Export Server Configuration feature. See Guidelines and Restrictions above.
   
5. Make sure the accounts' folders storage location is the same as on the AIX environment.
6. Identify all routes with an External Script step using the API call below:
   

   curl -X 'GET' \
   'https://ST_IP_OR_HOSTNAME:PORT/api/v2.0/routes?steps.type=ExternalScript' \
   -H 'accept: application/json'
       

   
   
7. Manually deploy any external scripts that you have identified in the previous step on the new setup and do a re-configuration if needed, e.g., if their location is different, you need to edit the path.
8. Install the same plugins on the Linux SecureTransport environment as on the AIX SecureTransport environment (on every server in the cluster in case of a clustered environment)
   • Manually reconfigure the Authorization and Authentication plugins, if any.
   • The Pluggable Transfer Site’s settings (if any) will be imported when you import the account data during the actual migration, so there is no need to re-configure them.
9. Turn off Scheduler and Folder Monitor. For instructions, click here.

Migration steps

1. When ready to perform the migration, stop all flows through the ST AIX environment.
2. Export all accounts that you have configured in your AIX environment.
   
   • Open the Administration tool on your backend server (make sure it is the primary server if in a clustered environment) and click Accounts → Import/Export.
   • Select Export Accounts and set an export password. This password is used to encrypt sensitive account information. You must provide it when importing the exported account data.
     Exported data contains: Account Templates, user- and service Accounts, along with the belonging account settings, account-based Certificates, Certificate Requests and PGP keys, Transfer Sites, pluggable Transfer Sites, Transfer Profiles, Subscriptions, account-based Route Packages and Routes; server-wide Certificates and Certificate Requests; Applications; Business Units; Route Package Templates and their Routes and Steps, including the pluggable AR steps.
     
3. When the export completes, download and save the export file to a location on your computer.
4. Increase the memory limit (JAVA_MEM_MAX) in the ST start scripts of the Linux environment. For instructions, click here.
5. To accelerate the import process, set the Server Configuration option AuditLog.Enabled.Import to false. Turn it back on when the import completes successfully.
6. Log into the Administration Tool of your Linux environment (primary backend server if in a clustered environment).
7. Go to Accounts → Import/Export to import the account export file created in step #3 above.
   • Select Import Accounts.
   • Click the Browse button and choose the export file created on your AIX deployment.
   • In the Password field, enter the password specified during the export.
   • Click Import.