Migrate Data

When you have successfully completed the pre-migration tasks and considerations, you can actually perform a data migration with Data Migration Tool (DMT).

To perform a data migration with Data Migration Tool

1. Start Data Migration Tool:

   • On Windows, open the Start menu and navigate to Start > VASCO > Data Migration Tool.

   • On Linux, open a terminal window and run the following command (as root):

     /opt/vasco/dmt/bin/dmt

2. Select the source data type in the Data type list.

   

   Data Migration Tool – Source Data

3. Specify the source data details.

   Depending on the data type selected in the Source Data page, specify one of the following:

   • If you are migrating from OneSpan Authentication Server or OneSpan Authentication Server Appliance as data source:

     If Data Migration Tool runs on a computer that has more than one IP address in use, select the IP address to use when connecting to the source computer in the Bind to list. This may be important if a specific client or component record is required for administrative connections to the source computer.

     • To perform a password-only or Response-Only logon:

       1. Enter the password and/or the one-time password (OTP) for the administrator account.

       2. Click Connect.

     • To perform a Challenge/Response logon:

       1. If a password or keyword is required by the source system for this logon type, enter the password for the administrator or the Challenge/Response keyword. Otherwise, leave the Password box blank.

       2. Click Connect.

     

     Data Migration Tool – Source Data Details (OneSpan Authentication Server source)

   • If you are migrating from Authentication Server Framework as data source:

     Specify the location of the DIGIPASS import file.

     

     Data Migration Tool – Source Data Details (DIGIPASS import file source)

4. Specify the source data options.

   

   Data Migration Tool – Source Data Options

   If the authenticator BLOB data is encrypted with a custom storage key, select Use encryption.

   All authenticator BLOB data must use the same custom key, mixing BLOB data with different encryption is not supported!

   Specify the custom key by doing one of the following:

   • Select Read key from file. Specify the location of a key file to load the custom key from and type the key's corresponding password.

     This is usually an encryption key file (.esf). You can retrieve that, e.g. using Export Key Data via the OneSpan Authentication Server OneSpan Authentication Server Maintenance Wizard.

   • Select Enter encryption key and copy the actual key value into the Encryption Key box.

     If you are migrating from Authentication Server Framework, this is the storage derivation key. The derivation key is set using the four storage derive key kernel parameters, i.e. StorageDeriveKey1, StorageDeriveKey2, StorageDeriveKey3, and StorageDeriveKey4 as concatenated hexadecimal value.

     Note that you do not need to enter the hexadecimal prefix 0x!

      

     Storage-Derive-Key 1: 0x01234567

     Storage-Derive-Key 2: 0x89012345

     Storage-Derive-Key 3: 0x67890123

     Storage-Derive-Key 4: 0x45678901

     Data Migration Tool encryption key: 0x01234567890123456789012345678901

     For more information, refer to the Authentication Server Framework Product Guide.

   Authenticator BLOB data is always encrypted by default. You need to specify these settings only if a custom encryption key is used. If you are using default encryption, leave Use encryption unselected.

5. Select the destination data type in the Data type list.

   

   Data Migration Tool – Destination Data

6. Specify the destination data details.

   

   Data Migration Tool: Destination Data Details

   If DMT runs on a computer that has more than one IP address in use, select the IP address to use when connecting to the destination computer in the Bind to list. This may be important if a specific client or component record is required for administrative connections to the source computer.

   • To perform a password-only or Response-Only logon:

     1. Enter the password and/or the one-time password (OTP) for the administrator account.

     2. Click Connect.

   • To perform a Challenge/Response logon:

     1. If a password or keyword is required by the source system for this logon type, enter the password for the administrator or the Challenge/Response keyword. Otherwise, leave the Password box blank.

     2. Click Connect.

7. Specify the destination data options.

   

   Data Migration Tool – Destination Data Options

   If the destination data is encrypted using a custom storage key, select Use encryption and provide the location and password of the file that contains the storage key used by the destination system or enter the key value.

8. Specify general migration options.

   

   Data Migration Tool – General Migration Options

   Select the check boxes to enable the respective migration options, depending on your requirements:

   • Reset all DIGIPASS Applications. Reset authenticator application records during data migration (see Reset All DIGIPASS Applications).

   • Update existing records. Update existing records on the destination server with migrated data from the data source (see Update existing records).

   • Update license information. Allow component licenses to be migrated with their component records (see Update license information).

   • Test migration. Perform a migration test run to identify potential data migration issues (see Test migration).

   • Perform Windows name resolution. Look up the user name and the user domain of each user ID in the master domain from the data source (see Perform Windows name resolution).

   • Change Master Domain name. Set a new master domain for all user accounts in the master domain of the data source (see Change Master Domain name to).

   • Number of parallel reader threads. To improve data migration performance, you can increase the number of threads to read more data records in parallel (see Number of parallel reader/writer threads).

     If you are using a DIGIPASS import file as the data source, you cannot use more than one reader thread.

   • Number of parallel writer threads. To improve data migration performance, you can increase the number of threads to write more data items in parallel (see Number of parallel reader/writer threads).

     Since writing data is usually slower than reading, we recommend to use more writer threads and fully use the processor resources of the destination server.

9. Specify the tracing options.

   

   Data Migration Tool – Tracing Options

   If you select Basic tracing or Full tracing, type a name for the tracing file in the Filename box.

   For more information, see Tracing.

10. Review the migration settings to ensure that they are correct.

    

    Data Migration Tool – Review

    To change any migration settings, navigate back using Previous and Next.

11. Click Begin Migration to start the data migration process.

    

    Data Migration Tool – Migration

    The migration progress is displayed in the Migration page.

    The data migration may be aborted at any stage once the migration has begun. If a data migration has been aborted, it cannot be resumed at the point it was aborted—it must be restarted. You may, however, configure the next migration to not update existing records.

12. Verify the summary of the migration process and click Finish.

    

    Data Migration Tool – Summary