Overview of the migration process

This topic provides an overview of the process of migrating data from an old workstation at TKE version 5.x, 6.0, 7.x, or 8.0 (the source workstation) to a new workstation at TKE version 8.1 (the target workstation).

There are three main steps in the process of migrating data from an old workstation at TKE version 5.x, 6.0, 7.x, or 8.0 to a new workstation at TKE version 8.1.

Step 1 overview: On the source TKE workstation, collect customer data

If you have customer-defined roles or profiles on your TKE local crypto adapter, there are some files that you can create that help simplify the process of loading the roles and profiles on your target TKE. The processes available for creating the files depend on the TKE release level of the source workstation:
- For TKE level 7.3 or later, use the TKE Workstation Setup wizard to create a file that contains the information that is needed to load all customer-defined roles and profiles on the target TKE workstation. The file is included in the data that is collected during the save upgrade data process.
  For a detailed description of this step, see Option 1: Using the TKE Workstation Setup wizard to collect data about roles and profiles.
- For TKE at any level, you can use the Cryptographic Node Management (CNM) utility. From CNM, individual role and profile definition files are created for each customer-defined role and profile you are migrating to the new TKE workstation. Each file can be used to load the role or profile on the target TKE workstation. The files are included in the data that is collected during the save upgrade data process.
  For a detailed description of this step, see Option 2: Using the Cryptographic Node Management (CNM) utility to collect data about roles and profiles.
Use the Save Upgrade Data utility to copy the source workstation’s customer data and system settings to USB flash memory in a form that can be applied to the target workstation.

For a detailed description of this step, see Step 1: Collecting data from the source TKE workstation.

Step 2 overview: On the target TKE workstation, perform a frame roll installation

The frame roll installation is a technique for restoring the information gathered by the Save Upgrade utility onto the target TKE workstation. It does not reinstall the workstation code.

For a detailed description of this step, see Step 2 - Performing a frame roll installation

Step 3 overview: On the target TKE workstation, complete the workstation setup

Run the TKE Workstation Setup wizard to verify and complete any tasks that are needed to configure your workstation. In some cases, you only have to run the wizard to complete your setup. In some cases, you also have to manually load customer-defined profiles and roles onto the TKE workstation’s local crypto adapter.

Final configuration - single step
You can complete the final configuration in one step if one of the following conditions is true:
- The file that is created by the TKE Workstation Setup wizard task Save User Roles and Profiles is on the target TKE workstation.
- There are no customer-defined roles and profiles to be moved to the target TKE workstation.
In these cases, the only step is to run the TKE Workstation Setup wizard.
For a detailed description of this option, see Option 1: Using the single-step method to complete workstation setup.
Final configuration - multiple steps
The final workstation configuration takes three steps when customer-defined roles and profiles must be loaded onto the TKE local crypto adapter using individual role and profile definition files. The three steps that are required are:
- Run the TKE Workstation Setup wizard to perform all the setup steps for the workstation except loading the customer-defined roles and profiles.
- Manually load the customer-defined roles and profiles onto the TKE workstation’s local crypto adapter.
- Reduce the power of the DEFAULT role, if necessary.
  When an adapter is initialized for use with smart card profiles, the DEFAULT role is powerful. When the workstation setup process is complete, you should load the DEFAULT role from the IBM-supplied role definition files that are used to create the DEFAULT role when the TKE local adapter is initialized for use with passphrase profiles. The TKE Workstation Setup wizard task Load IBM-Supplied DEFAULT Role runs a test, makes a suggestion, and allows you to load the less powerful DEFAULT role from the appropriate IBM-supplied file.
For a detailed description of this option, see Option 2: Using the multiple-step method to complete workstation setup

For a detailed description of this step, see Step 3 - Completing the workstation setup.