KB Article #187200
APPLIANCE: Migrate SecureTransport from Appliance to Linux
Introduction
The Virtual Appliance (ap-x86-64) platform is a SUSE Enterprise Linux 12 .iso installation image, pre-bundled with the standard Linux SecureTransport installation package and a legacy hardware appliance console menu. Updates to SecureTransport follow the standard binary update process, requiring the download and execution of the Linux update package. Limited OS package updates are allowed using a private repository.
Problem
• Axway is deprecating the support of the Virtual Appliance (ap-x86-64) platform for SecureTransport effective July 25th, 2026. After this date, no more updates or security fixes will be released. Extended support is not available due to compliance considerations.
• SUSE Enterprise Linux 12 will be out of general support by SUSE after Oct 31st, 2024, entering the Extended LTSS support phase. Consequently, SecureTransport will no longer support new updates and fixes for SLES 12 past this date.
In regard to these events:
• New .iso images preloaded with SecureTransport will no longer be released after July 25th, 2024. Original SLES images may be provided upon request.
• Private SLES 15 package repository access will allow customers to update their Virtual Appliance to SLES 15 until July 2026.
• SecureTransport will support updates and fixes for SLES 15 Linux on Virtual Appliance until July 2026.
Customers running SecureTransport on a Virtual Appliance platform must migrate to a different operating system before the end of support date. Axway recommends that the target OS is a Linux platform.
This article lists the steps you need to take to migrate an existing SecureTransport instance from Appliance Linux to another supported Linux platform (see Axway and third-party software support).
Resolution
General guidelines and restrictions
• You can use SecureTransport’s import/export account feature to export account information and settings from Appliance to Linux deployments. The export includes all account information including routes, templates, business units, applications, subscriptions, administrators, and roles.
• The account export file does not contain transfer data and log records.
• Importing the SecureTransport server configuration from an Appliance to a new Linux instance of SecureTransport is not supported. The server configuration must be reviewed and adjusted manually on the new Linux servers for all Server and Edge nodes.
• Plug-ins must be deployed/copied manually.
• Any changes made in configuration files (e.g. cluster setup, log4j, configuration.xml, or startup script tuning) must be replicated manually or copied to the new Linux deployments, if applicable.
• Pluggable transfer sites and AR Step configurations are part of the accounts and are therefore included in the account export. The Authorization and Authentication plug-ins are part of the server configuration and must be migrated manually.
• External scripts executed as part of the External Script step must also be copied manually to the new Linux deployments.
• Do not migrate any custom Transaction Manager rules. This feature is deprecated and no longer supported.
Prepare the new environment
1. Update the SecureTransport Appliance environment (both Server and Edge, and all cluster nodes in a cluster deployment) to the latest (or any supported) SecureTransport version at the moment of migration.
2. Prepare a new Linux OS environment running a supported Linux OS for SecureTransport operations.
3. Install the same SecureTransport version as in Step 1 on the environment you prepared in Step 2. For clusters, install SecureTransport in cluster mode on each node.
4. Manually configure the SecureTransport Servers and Edges in your new environment. This includes but is not limited to installing licenses and configuring:
• the cluster
• streaming connections
• protocol daemons
• SSL
• authentication
• AdHoc settings
• Password Policies
• Mail Templates
• User Classes
• Restrictions
• LDAP domains
• SSO configuration
• custom Web Client themes
• customized Server Configuration settings
• Sentinel configuration
• ICAP servers
Consider any additional changes in the server configuration options (for example, tuning parameters, allowed ciphers, sandbox folder location, etc.).
CAUTION! Do not use SecureTransport’s import/export server configuration feature. See General guidelines and restrictions above.
5. Make sure that the accounts' folder storage location is the same as on the Appliance environment.
6. Identify all routes with an External Script step using the API call below:
curl -X 'GET' \
  'https://ST_IP_OR_HOSTNAME:PORT/api/v2.0/routes?steps.type=ExternalScript' \
  -H 'accept: application/json'
7. On the new setup, manually deploy the external scripts that you identified in the previous step and reconfigure them if needed. For example, if their location is different, you must edit the path.
8. Install the same plug-ins on the new SecureTransport environment as on the Appliance environment (in a cluster, on every server). Note that:
• You must manually reconfigure the Authorization and Authentication plug-ins, if any.
• The pluggable transfer site settings will be imported when you import the account data during the migration, so there is no need to re-configure them.
9. Apply all configuration file changes from the Appliance environment to the Linux environment (e.g. startup scripts, log4j files, configuration.xml, etc.).
10. Turn off the Scheduler and Folder Monitor. For instructions, click here.
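For steps 6 and 7, the saved JSON output of the routes call can be reduced to a list of script paths to copy and the routes that depend on each one. This is an added example, not Axway code: only the steps array and its ExternalScript type value come from the query in step 6, and every other field name in the sample response is an assumption to check against a real response from your server.

```python
import json

# Constructed sample standing in for the saved output of the curl call in
# step 6. Field names other than "steps" and "type" are assumptions; the code
# below does not depend on them beyond using "name"/"id" as a route label.
SAMPLE_RESPONSE = """
{"result": [
  {"name": "inbound-av-scan", "steps": [
    {"type": "ExternalScript", "scriptPath": "/opt/scripts/av_scan.sh"},
    {"type": "SomeOtherStep"}]},
  {"name": "archive-route", "steps": [
    {"type": "ExternalScript", "scriptPath": "/opt/scripts/archive.sh"},
    {"type": "ExternalScript", "scriptPath": "/opt/scripts/av_scan.sh"}]},
  {"name": "cleanup-route", "steps": [
    {"type": "ExternalScript", "scriptRef": "cleanup"}]}
]}
"""

def script_steps(node, route="(unknown route)"):
    """Yield (route label, step object) for every ExternalScript step found."""
    if isinstance(node, dict):
        if "steps" in node:  # treat the object holding "steps" as the route
            route = str(node.get("name") or node.get("id") or route)
        if node.get("type") == "ExternalScript":
            yield route, node
        for value in node.values():
            yield from script_steps(value, route)
    elif isinstance(node, list):
        for item in node:
            yield from script_steps(item, route)

def script_inventory(response_text):
    """Map each path-like string in an ExternalScript step to its routes."""
    inventory, unresolved = {}, []
    for route, step in script_steps(json.loads(response_text)):
        paths = [v for v in step.values() if isinstance(v, str) and v.startswith("/")]
        if not paths:
            unresolved.append(route)  # no path found: review this route by hand
        for path in paths:
            inventory.setdefault(path, set()).add(route)
    return {p: sorted(r) for p, r in sorted(inventory.items())}, unresolved

if __name__ == "__main__":
    inventory, unresolved = script_inventory(SAMPLE_RESPONSE)
    for path, routes in inventory.items():
        print(f"{path}  used by: {', '.join(routes)}")
    for route in unresolved:
        print(f"no script path found in ExternalScript step of route: {route}")
```

Routes reported as unresolved still contain an External Script step, so check them in the Administration Tool before treating the copy list as complete.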
Migration steps
1. Stop all flows through the SecureTransport Appliance environment.
2. Export all accounts that have been configured in your Appliance environment:
• Open the Administration Tool on your SecureTransport Server (in a cluster environment, make sure it is the primary server) and click Accounts → Import/Export.
• Select Export Accounts and set an export password. This password is used to encrypt sensitive account information. You must provide it when importing the exported account data.
Exported data contains: Account Templates, user and service accounts with their respective account settings, account-based certificates, Certificate Requests and PGP keys, Transfer Sites, pluggable Transfer Sites, Transfer Profiles, Subscriptions, account-based Route Packages and Routes; server-wide certificates and Certificate Requests; Applications; Business Units; Route Package Templates and their Routes and Steps, including pluggable AR steps.
3. When the export completes, save the file in a location of your choice.
4. Increase the memory limit (JAVA_MEM_MAX) in the SecureTransport start scripts of the Linux environment. Use the same values as in your Appliance environment. For instructions, click here.
5. To accelerate the import process, set the server configuration option AuditLog.Enabled.Import to false. Re-enable it after the import completes successfully.
6. Log into the Administration Tool on your Linux environment (on the primary Server in a cluster environment).
7. Go to Accounts → Import/Export to import the file created in Step 3.
• Select Import Accounts.
• Click the Browse button and choose the export file created on your Appliance deployment.
• In the Password field, enter the password specified during the export.
• Click Import.