Import PTA to a New Machine

Use the following procedure to import your existing PTA data, settings, and configurations to a new PTA machine. The existing PTA machine will then no longer be used.

 

  • When migrating the PTA server to a new OS version (such as Red Hat 8.6 or 8.7 (Minimal Install) or its compatible forks, Rocky Linux or AlmaLinux), you must first upgrade the existing PTA server to version 12.2.6, 12.2.7, or 12.6 and then run the migration script.

  • The migration script runs in the background. The script can run for up to a few hours. Refer to the import PTA log (/tmp/import_PTA_data.log) for details on the progress of the script. Important messages are also written to the screen.

Migrate PTA to a new machine from a Standalone environment

  1. Deploy a new PTA server by following the steps in PTA manual installation. Do not perform any additional setup or configuration procedures, such as certificate configuration or prepwiz, prior to the data migration. Save a snapshot of the PTA server.

    When migrating the PTA server to a new OS version (such as Red Hat 8.6 or 8.7 (Minimal Install) or its compatible forks, Rocky Linux or AlmaLinux), you must first upgrade the existing PTA server to version 12.2.6, 12.2.7, or 12.6 and then run the migration script from the new PTA server. The new PTA server must be version 13.0 or higher and must support the new OS version.

  2. Log in to the new PTA server as the root user.

  3. To save the logs of the existing PTA server, run exportTool.sh without exporting DB and dump files. See Collect and Export Data from PTA for details.

  4. Navigate to the utility directory using the UTILITYDIR command and run the following command:

    ./import_PTA_data.sh

    The migration script begins. The script can run for up to a few hours.

    Before running the data import procedure, save a snapshot of the PTA image on the new PTA machine - Press Enter to continue after saving the snapshot.
    While the data import procedure runs in the background, the existing PTA machine will be down and you will not receive any data.
    After the data import procedure ends successfully, all PTA data will be contained on the new PTA machine.

  5. Provide the details of the existing PTA machine.

     

    If the script cannot connect to the existing PTA machine after three attempts, contact your IT administrator.

    Validate that you have access to root users on both PTA machines. If either user does not have a password, assign one. Validate that the users have PermitRootLogin valued with yes in the sshd_config file.

    Provide the details of the existing PTA machine.
    Enter the existing PTA machine IP:

  6. The tool opens SSH port 22 on the new PTA machine to migrate the data from the existing PTA machine.

    Opening port 22 on the new PTA machine for SSH communication with the existing (<IP>) PTA machine.
    Creating SSH Key on the new PTA machine for SSH communication with the existing (<IP>) PTA machine.
    Provide the password of the existing PTA machine.
    Enter the existing PTA machine password:

  7. The migration script stops the PTA Server on the existing PTA machine.

    The PTA Server will be stopped on the existing PTA machine (<IP>) - Press Enter to continue.
    Redirecting to /bin/systemctl stop appmgr.service

  8. If an export tool artifact is found on the remote server, the following prompt appears.

    Found an export tool artifact on the remote server. File name: <name> | Size <size>. Would you like to transfer it to this machine? This may increase the migration process time (y/n)

    The migration process begins.

    The migration script is running in the background. Refer to the migration log (/tmp/import_PTA_data.log) for details on the progress of the script.
    Start migrating data...
    Copying the configuration files...
    Copying the database files...
    Copying the Export Tool artifact. This might take a few minutes...

  9. If any error messages appear, navigate to the log and resolve the issue. When you open the log, address the error by searching for the version number and the task in which the error occurred.

     

    If the data migration process does not complete successfully, revert the new PTA machine using the snapshot that was saved in Step 1 and rerun the migration script.

  10. The data migration process is now complete and the following confirmation is displayed:

    Data migration completed successfully.
    Refer to the migration log (/tmp/importPTAData.log) for details.
    The migration process was completed successfully.
    Install VMWare Tools on the new PTA machine.
    The new PTA server IP should match the old PTA server IP. Perform the following:
    1. Save the IP address for later reference.
    2. Shut down the existing PTA machine.
    3. Assign the saved IP address to the new PTA machine. You might need your IT team's assistance.
    4. Start the PTA Server on the new machine.

Migrate PTA to a new machine from a DR environment

  1. Shut down the secondary PTA machine.

  1. Follow the instructions in Remove PTA Disaster Recovery configuration.

  2. Follow the instructions in Migrate PTA to a new machine from a Standalone environment.

  3. Deploy a new PTA server, which will be the secondary machine.

  4. Reconfigure the DR setup using the migrated PTA server, which will be the primary machine, and the new PTA server that will be the secondary machine. For details, see PTA Disaster Recovery.

  1. Follow the instructions in Migrate PTA to a new machine from a Standalone environment.

  2. Deploy a new PTA server, which will be the secondary machine.

  3. Reconfigure the DR setup using the migrated PTA server, which will be the primary machine, and the new PTA server that will be the secondary machine. For details, see PTA Disaster Recovery.

  1. If the PTA version is less than 12.2.6, upgrade the existing PTA server to version 12.2.6, 12.2.7, or 12.6.

  2. Follow the instructions in Migrate PTA to a new machine from a Standalone environment.

  3. Perform the instructions in Remove PTA Disaster Recovery configuration on the migrated PTA server.

  4. Deploy a new PTA server, which will be the secondary machine.

  5. Reconfigure the DR setup using the migrated PTA server, which will be the primary machine, and the new PTA server that will be the secondary machine. For details, see PTA Disaster Recovery.

Post migration validations

  1. The new PTA server IP and hostname must match the old PTA server. Perform the following:

    1. Save the old IP address.

    2. Shut down the old PTA machine.

    3. Assign the saved IP address to the new PTA machine. You might need your IT team's assistance.

      If you cannot assign the saved IP address to the new PTA machine,

      • Validate that the resolution of the PTA server DNS name matches the old PTA server to the new IP of the PTA server.

      • Update the PTA server IP for components that might have used the previous PTA server IP, such as Vault, SIEM, or PTA Agents that were configured with an IP address for PTA server connectivity. If the Vault configuration is changed, you must restart the Vault server application.

        For details, see Forward Log Data to PTA or Security Information and Event Management (SIEM) Applications.

      Any custom plugins installed on the old PTA Serve must be installed on the new PTA server. Follow the instructions in Install the developed plugin in PTA.

  2. Start the PTA server application on the new machine.

    service appmgr start

  3. Validate the PVWA-PTA connectivity from the PVWA System Health or Security Events pages.

    If there are connectivity issues, see Troubleshoot the Security Events Module in PVWA or Vault permissions validation.