Migrating your Identity Provisioning tenant from SAP BTP, Neo environment to SAP Cloud Identity Services infrastructure brings key benefits.
Would you click the Migrate button when you read this? Or processes like update, upgrade, migrate – you name it, make you feel apprehensive about change no matter what the benefits are?
It’s a known fact that the fear of change is a fear of unknown. And, as scientists say, our brains find peace in knowing. How about getting to know migration better?
We give you 7 reasons why it is important for you to migrate:
Before clicking the Migrate button, there are important things you need to know and prepare for.
Preparation
Before migration, define a time window for running it. The migration process might take considerable time to complete depending on the amount of data you want to migrate. Also, make sure that no provisioning jobs are running. Stop manually triggered jobs and pause the scheduled ones.
During migration, your IPS tenant will be disabled. Other administrators of this tenant won't be able to perform any operation or system modification until it completes.
After migration, you will have access to your IPS tenant on Neo environment for 30 days. After that, the tenant is offboarded and cannot be restored. Although your Neo tenant will be available for 30 days, we recommend that you do not perform any operations on it, such as running jobs, adding provisioning systems and others.
Expectation
Here is our initial set up: In the IPS tenant on Neo, there are 3 systems (1 source, 1 target and 1 proxy). The source system has a modified transformation. The target system has an outbound certificate generated, while the proxy system has an inbound certificate imported.
Here is what you could expect:
Procedure
1. Log in to your IPS tenant and select Tenant Migration.
2. Choose Migrate.
3. Select the target IAS tenant and choose Next Step. After migration, this will be the common SCI tenant where IAS and IPS service instances will be enabled.
The read-only details about the IAS target tenant are displayed. There is no existing IPS for the selected tenant. Therefore, a new IPS tenant will be created and your data will be migrated there. If Existing IPS was set to true, the existing IPS will be reused.
4. Select the Source Systems you want to migrate and choose Next Step.
5. Select the Target Systems you want to migrate and choose Next Step.
6. Select the Proxy Systems you want to migrate and choose Review.
7. Review your configurations and choose Finish.
8. Choose OK to confirm that you want to run the migration.
You are informed that your tenant is being migrated.
9. You are informed that the migration completed successfully. Choose OK.
Note: Once your migration completes successfully, you cannot trigger it again. Any data that you haven't selected for migration, and you want to migrate as well, must be exported and manually imported in your SCI tenant within 30 days.
You are informed that your IPS tenant is already migrated to https://<ias-host>/ips on the SCI infrastructure and that the IPS tenant on Neo will be deleted on the given date.
You can start using your IPS tenant on the SCI infrastructure.
1. Log in to your IAS tenant with your admin user at: https://<ias-host>/admin
2. Navigate to Administrators, select your admin user and assign it the Manage Identity Provisioning role.
The migration process created a new technical user of type System - called PROXY. It holds the inbound certificate of the migrated proxy system.
3. Log in to your migrated IPS tenant. The URL follows the same pattern: https://<ias-host>/ips.
4. Open your source system.
Although its transformations were modified in the old Neo tenant, as you can see below…
… the modified transformations in the migrated tenant are with status initial, which means that you cannot reset them to an earlier version:
5. Open your target system and view that its outgoing certificate is migrated.
6. If all your data is migrated and everything is correct, return to your IPS tenant on Neo and disable the provisioning systems.
7. In your IPS tenant on SCI, you need to perform some manual post-migration steps, if you have configured the following scenarios:
For more information, see step 5 and 6 in the Next Steps section here: Migrating Identity Provisioning Tenant.
8. Enable the provisioning systems and run the provisioning jobs in the migrated IPS tenant.
Note: The first provisioning job runs in full read mode, even if delta read has been configured. After successful full read, jobs with ips.delta.read set to enabled run as expected, that is, only modified data is provisioned.
This was a simple scenario with a small amount of data, which of course cannot reflect yours. Its only purpose was to let you know more about the way migration works. The more you know, the better prepared you are.
Watch this video for a detailed walkthrough!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
29 | |
13 | |
12 | |
10 | |
9 | |
9 | |
9 | |
7 | |
7 | |
6 |