IBM Cloud Docs
Migrating resources from Secure Gateway to Satellite Connector

Migrating resources from Secure Gateway to Satellite Connector

You can use the Secure Gateway API to migrate your Gateways and Destinations to Satellite Connectors and Connector endpoints

Prerequisites

Get the details of your Gateways and Destinations.

Migrating a Gateway to a Connector

  1. Migrate your Gateway to a Connector by using the migrate2connector API. For more information, see the Migrate a Gateway to Satellite Connector API reference.
    curl -X PUT -H 'Authorization: Bearer <IAM token>' -H 'Content-Type: application/json' -d '{ "connector_id": "A2FbRFtwNfatanQRLjrujBKmVmfOk7NjXYZIWAoVLNfd1PTXJ93aH3J", "token" : "iam_token" }' 'https://sgmanager.us-south.securegateway.cloud.ibm.com/v1/sgconfig/{gateway_id}/migrate2connector'
  2. Verify your Gateway was migrated by reviewing your Connector in the Satellite console.

Migrating Secure Gateway Destinations to Connector endpoints

You can migrate all the destinations under a Gateway to multiple Connector endpoints or an individual destination to a Connector endpoint.

If your Secure Gateway Destination name doesn't comply to the Connector endpoint naming policy, you can force rename the destination during migration, by using the force=true option. You can check the endpoint name used by running the API without the force=true option.

  1. Migrate your Gateways to Connectors or Create a Connector. Make a note of your Connector ID and IAM token. For more information, see the Migrate Destinations to Satellite Connector endpoints API reference.

  2. Migrate your Destinations to endpoints by using the migratedestinationtoconnector API. Review the following examples to determine your use case.

    • Migrate all Destinations to Connector endpoints.

      curl --request PUT \
--header 'Content-Type: application/json' \
--data '{"token":"<connector_iam_token>","connector_id":"<connector_id>"}' \
--header 'Authorization: Bearer <sg_gateway_token>' \
https://<sg_server>/v1/sgconfig/<sg_gateway_id>/migrate2connector

    • Migrate a single Destination to a Connector endpoint.

      curl --request PUT \
--header 'Content-Type: application/json' \
--data '{"token":"<connector_iam_token>","connector_id":"<connector_id>"}' \
--header 'Authorization: Bearer <sg_gateway_token>' \
https://<sg_server>/v1/sgconfig/<sg_gateway_id>/destinations/<sg_destination_id>/migrate2connector

  3. Verify that your Gateways and Destinations were migrated. View your Connectors and endpoints in the Satellite console.

Example migration requests

Example request to migrate all destinations to Connector endpoints and include the force=true option.

$ curl --silent --request PUT --header "Content-Type: application/json" --data "{\"region\":\"stage-south\",\"token\":\"${CONNECTOR_TOKEN}\",\"connector_id\":\"${CONNECTOR_ID}\"}" --header "Authorization: Bearer ${SG_GATEWAY_TOKEN}" "https://sgmanager.us-south.securegateway.test.cloud.ibm.com/v1/sgconfig/${SG_GATEWAY_ID}/migrate2connector?force=true" | jq
{
  "migrated": [
    {
      "id": "5B9oNcWGY67_deY76",
      "description": "endpoint2"
    },
    {
      "id": "5B9oNcWGY67_nfTP5",
      "description": "endpoint 1",
      "new_endpoint_name": "endpoint-1"
    }
  ],
  "failed": [
    {
      "id": "5B9oNcWGY67_TBGie",
      "description": " cloud endpoint",
      "reason": "Connector does not support cloud type endpoint."
    }
  ]
}

Example request to migrate a Destination that doesn't comply to the Connector endpoint naming convention. Note that this results in a naming error. You can retry the request and use the force=true option to force renaming.

curl --silent --request PUT --header "Content-Type: application/json" --data "{\"region\":\"stage-south\",\"token\":\"${CONNECTOR_TOKEN}\",\"connector_id\":\"${CONNECTOR_ID}\"}" --header "Authorization: Bearer ${SG_GATEWAY_TOKEN}" "https://sgmanager.us-south.securegateway.test.cloud.ibm.com/v1/sgconfig/${SG_GATEWAY_ID}/destinations/5B9oNcWGY67_nfTP5/migrate2connector" | jq
{
  "migrated": [],
  "failed": [
    {
      "id": "5B9oNcWGY67_nfTP5",
      "description": "endpoint 1",
      "reason": "Endpoint name does not satisfy Connector Endpoint naming policy. Endpoint names must start with a letter and end with an alphanumeric character, can contain letters, numbers, and hyphen (-), and must be 63 characters or fewer.",
      "remediation": "Run PUT /v1/sgconfig/{gateway_id}/destinations/{destination_id}/migrate2connector?force=true API to rename the endpoint to suggested name 'endpoint-1' during migration"
    }
  ]
}