This document covers instructions for migrating TOSIBOX® Central Lock 2.4.x to TOSIBOX® HUB 2.6.x. Skilled administrator user can do the migration following these instructions.
Before getting started ensure you have:
- Access to your TOSIBOX® Central Lock
- TOSIBOX® HUB installation image and User Manual available
- Adequate license for Nodes and users you will manage with TOSIBOX® HUB
- You have notified personnel about the migration, users will lose access to the network for some time
Time for the migration can take anywhere from 1 hour to 1 day depending on the experience of the personnel doing the migration, the migrated network size, and how thoroughly the HUB will be tested.
1. Document the Central Lock Configuration
According to our historical experience from investigations of out of ordinary occurrences many issues arise from not having proper documentation about who should have access, where they should have access to and, possibly, when they should have access. Trusting solely on memory can easily result in losing the information. Depending on the complexity of the settings it can be best to document them in textual format or via screenshots.
Important settings should be documented before starting the migration process. These include:
- Users together with their access parameters and the TOSIBOX® Locks and Nodes => Settings → Keys and Locks
- HUB name visible to all users => Settings → Lock name
- Email alerts service (applicable only if there are any) => Settings → Alerts
- A collection of miscellaneous settings => Settings → Advanced settings
- Access controls for users and which networks they can connect to Access Groups (Access Groups)
- Access Group names, what Keys and Locks go in which groups
- Options within the Access Groups:
- Configured IP addresses
- Internet- and Web interface access
- Traffic between Locks/Keys allowed
- Defaults (L2/L3 Keys or Locks)
- Network and connectivity settings (Network)
- Document the configured LAN interfaces (static vs DHCP and what IP address if wish is to use the same one)
- VLANs (document tag, name and linked LAN interface)
- Static routes (target, netmask, gateway, metric MTU)
- DHPC server (document possible static leases)
Finally, double check all the and Nodes and Keys seen on the Key software that are connected to the Central Lock are documented.
2. Install and Activate New HUB
Prepare the environment where the TOSIBOX® HUB will be hosted. System requirements are listed on the Helpdesk article and in the HUB user manual. Most importantly, ensure HUB has secure access to internet and that there is no firewall blocking connectivity. HUB configuration and installation instructions can be found from Helpdesk for various virtualization platforms. Virtual Central Lock
TOSIBOX® HUB should be activated using a license code. Ensure that the new HUB installation has the license capacity and available resources to manage at least the same amount of devices that the Central Lock had.
How to activate TOSIBOX® Virtual Central Lock
Ensure the installed HUB has the latest software release in use. See Release Notes section for the latest released software version and the changes it contains.
How to do system upgrade and update VCL software
3. Match the HUB to Your Master Key
Connect the TOSIBOX® HUB with your administrative master Key using the inbuilt 'Remote matching' feature in TOSIBOX® HUB menu Settings → Keys and Locks. After matching the HUB should become visible in the master Key user interface. Test that you can connect to the HUB.
How to remotely match TOSIBOX® Virtual Central Lock
4. Initial Configuration
Open the TOSIBOX® Central Lock documentation you created in step 1 (Document the Central Lock Configuration) and do the initial configuration on the HUB. You should configure and test for example
- Changing password
- Create other users on the HUB
- Internet connectivity
- LAN connectivity
- Audit trail and alerts
Tasks during this step cannot be clearly defined as they depend to a large extent on the installation environment and the configured system. This is the perfect place to practice and experiment on the new system. The goal here should be to ensure the HUB is reliably running before migrating actual production environment. Refer to user manual and Helpdesk documentation always when in doubt.
5. Remove Nodes and Users From Central Lock
Simplest method to remove all Nodes and Keys from the Central Lock is to use the inbuilt ‘Reset Serializations’ feature found under Central Lock menu Settings → Reset and restore. This removes all connected Nodes and Keys from Central Lock.
Alternatively, you can remove Nodes one-by-one using the Key software. It depends on your preference if you want to test the intermediate migration steps.
When you have removed all the Nodes and users the Central Lock can be shut down and removed from the network.
Important!
Nodes cannot be configured to both the Central Lock and the HUB at the same time.
You have to remove them first from the Central Lock before being able to add them to the HUB.
6. Add Nodes and Users to Virtual Central Lock
The necessary Node and Key connections can be created with the Key software. Guide for this is available separately.
How to connect Lock to the (V)CL
It is best to add Nodes in small batches. Add ten Nodes and let the system complete the task and only then add another batch of ten Nodes. This is to ensure the system does not choke in the migration alone.
7. Configure Your Virtual Central Lock
Refer again to the Central Lock documentation you created in step 1 and finish configuring the system. Take care during the process and test the settings if in doubt. Especially the network configuration (LAN, VLAN and Static routes) should always be created manually to make sure everything is migrated successfully. See additional Helpdesk articles.
How to create LAN interface to VCL
How to add VLAN on Virtual Central Lock
Creating Access Groups is especially crucial part. The following factors should be checked.
- Correct interface associations (the IP and subnet of interfaces correspond to same names as in Central Lock)
- Correct devices, Keys and Locks associated with Access Group
- Correct IP address definitions in Access Groups
Other settings such as alerts and advanced settings should be easy to configure. Follow what was documented for Central Lock.
Finally, if the Central Lock had manually configured network devices (hosts), these can be configured on the Status page similarly to Central Lock. Other network devices should show up via the automatic scan. This process can also be started from the Status page by selecting 'Scan for LAN devices'.
8. Back Up HUB
The easiest way to backup/restore the HUB is by utilising features offered by hypervisors. Hypervisors can have different types of fail-safes depending on the platforms, they can even support automated and scheduled backups. For local servers running hypervisor software, the disks containing virtual machines can have redundant RAID configurations setup and take full backups of disks (to some other location, ideally off-site) to safeguard for drive failures. Cloud installations can be backed up via snapshots that can be stored in redundant storage buckets (varying levels of redundancy are available in both AWS and Azure), from which the HUB can be restored if necessary.
How to make a backup/redundant copy of VCL for emergency use