Cloud migration rules
The Cloud Migration Tool identifies application issues to consider when you move an application to cloud platforms such as IBM Cloud Runtimes (Cloud Foundry PaaS), Third-party PaaS (CF), Containers (OpenShift, Kubernetes), and Virtual machines (IBM Cloud).
Liberty on third-party platforms (PaaS)
| Rule Name | Rule Description | Automated Fix |
|---|---|---|
| Avoid creating new process instances | This rule flags Java code that has references to methods java.lang.Runtime.exec(*)
and java.lang.ProcessBuilder.start(*). |
No |
| Avoid writing to the local file system | This rule flags Java code that references any classes, constructors, and methods that are used for writing files to the local file system. Any files written to the local file system will be deleted when a new container instance is created. | No |
| Capture log information | This rule flags Java code that references logging packages that write to the local file system including
java.util.logging, org.slf4j, org.apache.log4j,
org.apache.commons.logging and org.osgi.service.log. Any files written
to the local file system will be deleted when a new container instance is created. |
No |
| Client certificate authentication is not available | This rule flags the following references in the web.xml deployment descriptor:
<auth-method>CLIENT-CERT</auth-method> |
No |
| Do not use older or non-standard protocols | In a cloud environment, certain protocols related to EJB 2.0, CICS Transaction Gateway, and IMS Connect are not supported. | No |
| Listening for inbound connections | This rule flags Java code that has references to the methods and constructors
java.nio.channels.ServerSocketChannel.open(*), java.nio.channels.AsynchronousServerSocketChannel.open(*),
new java.net.ServerSocket(*), new java.nio.channels.ServerSocketChannel(*) and
new java.nio.channels.AsynchronousServerSocketChannel(*). |
No |
| Stopping the Liberty server | This rule flags Java code that references the methods java.lang.System.exit(int)
java.lang.Runtime.exit(int), java.lang.Runtime.halt(int),
org.osgi.framework.launch.Framework.stop(*) and org.osgi.framework.launch.Framework.update(*) |
No |
| Transport security is terminated at the router | This rule flags ServletSecurity.TransportGuarantee.CONFIDENTIAL in the Java code and
<transport-guarantee>CONFIDENTIAL</transport-guarantee> in the web.xml deployment descriptor. |
No |
| Two-phase commit transactions | By default the Liberty transaction manager writes the transaction log file to the local file system. Any files written to the local file system will be deleted when a new container instance is created. | No |
Connectivity considerations for IBM Cloud
The connectivity rules evaluate your application's use of the following resources that might have connectivity considerations when moving applications to the cloud. These rules are flagged only once per Eclipse project (or Java archive) to indicate the individual technologies that are used.
| Rule Name | Rule Description | Automated Fix |
|---|---|---|
| Databases | When migrating applications using databases to a cloud platform, consider how to maintain access to the database from the cloud. | No |
| Enterprise Information Systems (EIS) | If an application accesses enterprise information systems (EIS) using resource adapters, then consider how to maintain access to the EIS from the cloud or consider migrating the EIS to the cloud. | No |
| Java EE security | When moving applications that use Java EE security to the cloud, consider how the application uses the user registry, Trust Association Interceptors (TAI), and JAAS custom login modules, as well as your on-premises security server. | No |
| JavaMail server | If an application uses an on-premises JavaMail service provider, then after the application is moved to the cloud, it requires a secure connection to maintain access to the mail server. | No |
| Java Message Service (JMS) | For applications using Java Message Service (JMS) that are connected to an on-premises JMS service provider, consider the connection needed to access your messaging provider. | No |
| Message-Driven Beans (MDB) | For applications using Message-Driven Beans (MDB) that are connected to an on-premises messaging service provider, consider the connection needed to access your messaging provider. | No |
| Remote EJB lookups | For applications that look up or call remote EJB beans, consider how to maintain access to remote EJB beans from the cloud or consider migrating all related EJB beans to the cloud. | No |
| Remote EJB providers | For applications that provide remote EJB beans, consider how to maintain access to remote EJB beans from on-premises clients when migrating this application. | No |
| Remote web services | If your application uses remote web services that are not public on the Internet, consider how moving to the cloud will affect the access to these remote services. | No |
| Third-party security | Consider the use of third-party security providers when moving applications to the cloud. This rule flags the use of third-party Java security APIs. | No |
| Vendor specific messaging | For applications using vendor specific messaging APIs, consider the connection needed to access your messaging provider. | No |
| Validate the URL host and port for cloud access | In a cloud environment, there are many things to consider when accessing URLs from your application. | No |
Containers (OpenShift, Kubernetes)
| Rule Name | Rule Description | Automated Fix |
|---|---|---|
| Avoid creating new process instances | This rule flags Java code that references to the methods java.lang.Runtime.exec(*)
java.lang.ProcessBuilder.start(*). |
No |
| Avoid writing to the local file system | This rule flags Java code that references any classes, constructors, and methods that are used for writing files to the local file system. Any files written to the local file system will be deleted when a new container instance is created. | No |