WEBVTT

00:00.000 --> 00:13.000
So, I think we are ready, I leave you the ground to present this FreeIPA to FreeIPA migration

00:13.000 --> 00:14.000
tool.

00:14.000 --> 00:15.000
Okay, thank you very much.

00:15.000 --> 00:16.000
So, hello everyone.

00:16.000 --> 00:18.000
I'm Francesca Trevino.

00:18.000 --> 00:25.000
I work at Red Hat, as part of the Identity Management team, as a FreeIPA team member.

00:25.000 --> 00:29.000
And today, I'm super happy to introduce something new.

00:29.000 --> 00:32.000
And it is all about a new tool.

00:32.000 --> 00:36.000
For the FreeIPA project, that simplifies full migration

00:36.000 --> 00:38.000
between FreeIPA deployments.

00:38.000 --> 00:42.000
And the best part of it is that it's already implemented.

00:42.000 --> 00:48.000
And it's available as part of Fedora and also you can find the tool in RHEL.

00:48.000 --> 00:52.000
And most importantly, it works.

00:52.000 --> 00:56.000
So, yeah, you see, a couple of more names in the slide.

00:56.000 --> 01:02.000
My working colleague Rob, he was the one that designed this wonderful tool.

01:02.000 --> 01:04.000
And also Mark Greennode.

01:04.000 --> 01:09.000
He's the main developer of the 389 DS project.

01:09.000 --> 01:13.000
And he brought it to life, this wonderful tool.

01:13.000 --> 01:19.000
So, before I started, I just want to spend a few minutes talking about some of the background

01:19.000 --> 01:23.000
and the basic, very basic aspects about migration.

01:23.000 --> 01:28.000
In general, you know, migration is a really complex topic.

01:28.000 --> 01:32.000
You can have multiple approaches depending on your needs.

01:32.000 --> 01:36.000
So, you might simply want to update your FreeIPA version

01:36.000 --> 01:45.000
because of, yes, to fix something, a bug, or you might want to upgrade to another release version.

01:45.000 --> 01:49.000
So, we don't really use this migration term here.

01:49.000 --> 01:52.000
We just call it an update because you are in the system.

01:52.000 --> 01:56.000
You just basically upgrade the RPMs and then you are getting the new release.

01:56.000 --> 01:58.000
And you're not moving any data.

01:58.000 --> 02:04.000
If there are changes in the schema or the classes or something,

02:04.000 --> 02:09.000
the upgrade procedure is supposed to fix the data.

02:09.000 --> 02:11.000
But we are not migrating anything.

02:11.000 --> 02:16.000
So, that is not considered a migration; it is an update.

02:16.000 --> 02:22.000
Another use case is when the administrator needs to move to a new major operating system.

02:22.000 --> 02:30.000
Okay, so this is kind of different from the other case because if you move from RHEL 8, for instance, to RHEL 9.

02:30.000 --> 02:35.000
You are not able to do a simple RPM upgrade.

02:35.000 --> 02:37.000
This is not possible, right?

02:37.000 --> 02:43.000
So, you need to go for a more complex procedure such as, for instance, an in-place upgrade.

02:43.000 --> 02:51.000
And in this case, you just rely on more complex tooling that is capable of upgrading the whole operating system.

02:51.000 --> 02:55.000
And then installing all the new versions.

02:55.000 --> 03:00.000
In this case, again, we don't say that this is a migration because you are in the same system.

03:00.000 --> 03:05.000
And then you are not moving any data from one deployment to another.

03:05.000 --> 03:12.000
But for this specific use case, we talk about the upgrade procedure.

03:12.000 --> 03:20.000
Specifically for identity management, we have a way where you can add a replica to the server.

03:20.000 --> 03:25.000
And as soon as you have the replica, all the data will be replicated to the replica.

03:25.000 --> 03:33.000
So then the next step is just to simply upgrade that replica to be the master.

03:33.000 --> 03:38.000
And then decommission the other server, the IdM server.

03:38.000 --> 03:42.000
And in this case, yes, in this case, we use migration.

03:42.000 --> 03:47.000
Because we are moving the data from one deployment to another one.

03:47.000 --> 03:55.000
So then for all the other cases, I'm talking about that you might be changing hardware or moving from different platforms.

03:55.000 --> 04:00.000
You might want to change from bare metal to virtualization, virtual machines or cloud infrastructure.

04:00.000 --> 04:10.000
I mean, there are so many use cases where we, where you need to do a pure migration of the data.

04:10.000 --> 04:15.000
So for all those cases, then yes, we also use the term migration.

04:15.000 --> 04:25.000
And here I have one example, because right now it's not possible to do migrations jumping two major versions of RHEL, for instance from RHEL 7 to RHEL 9, this is not supported.

04:25.000 --> 04:31.000
You need to do the other procedure, the procedure from RHEL 7 to RHEL 8, then from RHEL 8 to RHEL 9.

04:31.000 --> 04:33.000
Okay, it's a little bit complex.

04:34.000 --> 04:43.000
Also, sometimes it's not, it's a challenge because between major versions, you might have a lot of new features.

04:43.000 --> 04:48.000
And then they might look really different and then this procedure is not possible.

04:48.000 --> 05:02.000
So then all those cases are where the talk, I mean, the tool that I'm about to introduce applies, okay, for this case, when we have the need of migrating the content.

05:02.000 --> 05:17.000
Okay, so then in the context of FreeIPA, what does it mean? Migration refers to, as I said, the process of moving an existing identity infrastructure.

05:17.000 --> 05:25.000
I'm talking about user groups, roles, host groups, services, configuration, I mean everything from one deployment to another.

05:26.000 --> 05:33.000
So having the proper tool in this scenario here is really important for administrators who maintain the infrastructure.

05:33.000 --> 05:40.000
A good migration process, tools make the process smoother, faster, more reliable.

05:40.000 --> 05:45.000
Well, as I used to say, good tools help the work, right?

05:46.000 --> 05:54.000
So, we have that, I mean, FreeIPA has had a plugin-based migration already.

05:54.000 --> 06:01.000
Since version 2, I think we are in version 4 now, I mean, it was a long time ago.

06:01.000 --> 06:09.000
It provided a basic way to bring users and groups into FreeIPA, but it has a lot of limitations.

06:09.000 --> 06:18.000
Especially when considering IPA to IPA migrations, one of the major reasons is that it only migrates users and groups, just that.

06:18.000 --> 06:31.000
And this means that all the other data, I'm talking about the roles, policies, hosts, access controls, all those objects, they are completely lost, okay.

06:31.000 --> 06:38.000
Another disadvantage is that the user private groups, they are not preserved, and you know, in some Linux systems,

06:38.000 --> 06:47.000
a user private group is a special group that is automatically created when you add a user, and this simplifies a lot the private files, permissions, and stuff like that.

06:47.000 --> 06:55.000
In other distributions of Linux, this doesn't exist, and then you need to play with umask, play with different masks.

06:55.000 --> 07:02.000
So, this user private group is also lost because the tool is not capable of migrating this information.

07:02.000 --> 07:17.000
So, another disadvantage is that the plugin runs in the server, in the origin, and then if you have a huge deployment with a lot of identity infrastructure,

07:17.000 --> 07:23.000
the client might get disconnected, and then it might take long to run.

07:23.000 --> 07:32.000
So, this leaves the process of the migration, because it has no dedicated logs as well.

07:32.000 --> 07:37.000
So, it's kind of, you need to figure it out by yourself and then try again and try again.

07:37.000 --> 07:40.000
It's really difficult to troubleshoot.

07:41.000 --> 07:45.000
And the last one, I think, the syntax errors, yeah, this is not a critical one.

07:45.000 --> 07:52.000
But you might have some kind of garbage in the origin server, and then that will prevent you from completing the migration.

07:52.000 --> 07:56.000
So, you need to go there and fix all the entries and try again.

07:56.000 --> 08:02.000
So, yeah, this is kind of a very big list of disadvantages of the current tool.

08:02.000 --> 08:12.000
So, this is why we decided to start with a redesign, and what we tried is to fix all the plugin limitations.

08:12.000 --> 08:18.000
So, this time, we want you to migrate as much as possible, not users and groups only.

08:18.000 --> 08:21.000
So, we're talking about all the schema.

08:21.000 --> 08:25.000
So, this new tool is capable of migrating the whole schema.

08:25.000 --> 08:31.000
All the configuration settings and the database content, which is a lot.

08:31.000 --> 08:41.000
And the tool is, it's available in /usr/sbin with the name of ipa-migrate.

08:41.000 --> 08:48.000
So, it's kind of an admin tool that runs standalone, and this time it is run on the client side.

08:48.000 --> 08:53.000
In the FreeIPA server where you want to bring all the data.

08:53.000 --> 08:56.000
So, it has the proper man page, help documentation.

08:56.000 --> 09:02.000
If you go through it, you will see that it supports multiple methods, like online offline.

09:02.000 --> 09:05.000
Or a mix of those approaches.

09:05.000 --> 09:07.000
I have another slide for this one.

09:07.000 --> 09:15.000
And also, it supports multiple modes of migration, like production mode or staging mode.

09:15.000 --> 09:20.000
And yeah, this migration process varies depending on the selected mode.

09:20.000 --> 09:24.000
So, I have another slide to talk a little bit about the modes.

09:24.000 --> 09:32.000
So, another cool feature is that it is able to do some kind of dry-run simulation.

09:32.000 --> 09:39.000
Okay? So, you just add --dry-run, and then you will simulate that you are performing the migration.

09:39.000 --> 09:46.000
And you will identify the issues in advance. This is really, really good.

09:47.000 --> 09:54.000
Yeah, and finally, yeah, this time, I mean, the new tool obviously provides proper logging and a summary report at the very end.

09:54.000 --> 10:00.000
So, it makes it really easy to troubleshoot and fix, and I'm going to get into it immediately.

10:00.000 --> 10:06.000
I have a demo as well. So, we will see that in a video that I recorded.

10:06.000 --> 10:12.000
So, yeah, this slide is to tell you what is currently migrated.

10:12.000 --> 10:16.000
It consists of three areas, of major blocks.

10:16.000 --> 10:20.000
So, the first one is the LDAP schema.

10:20.000 --> 10:25.000
So, it is capable of migrating the object classes and attributes.

10:25.000 --> 10:33.000
If you have a custom schema in your FreeIPA server, it is going to be migrated as well.

10:33.000 --> 10:40.000
So, this is very powerful. And also the configuration is migrated as well.

10:40.000 --> 10:46.000
Including all the performance, tuning, all the security settings, all the log, all the rotation settings.

10:46.000 --> 10:50.000
I mean, everything is fully, fully migrated.

10:50.000 --> 10:54.000
And another important area is the database.

10:54.000 --> 10:59.000
And as you can see, all the objects are mostly migrated.

11:00.000 --> 11:04.000
The accounts, HBAC rules, sudo rules, DNS, Kerberos.

11:04.000 --> 11:10.000
Well, there is one particularity is that the passwords, they are, are migrated,

11:10.000 --> 11:19.000
but the user needs to do an LDAP authentication after that to regenerate the new Kerberos credentials.

11:19.000 --> 11:25.000
And this is done automatically when the user is authenticated in SSSD.

11:26.000 --> 11:32.000
Or they can simply drop by the IPA migrate endpoint and do the same.

11:32.000 --> 11:39.000
So, yeah, so this is all the objects that are migrated.

11:39.000 --> 11:44.000
So, but also, yeah, what, what is not currently migrated?

11:44.000 --> 11:49.000
I mean, there are some particularities. So, for instance, the replicas are not migrated.

11:49.000 --> 11:54.000
You know, in FreeIPA, you can deploy a server, you can have replicas among the clients.

11:54.000 --> 12:00.000
So, this tooling is just migrating the, whatever is in the server to the new one.

12:00.000 --> 12:09.000
It's not migrating the replicas. So, all the data that is referencing the objects from the replicas is simply not migrated.

12:09.000 --> 12:15.000
Okay, but anyway, once you complete the process of the migration, you can add more replicas to the server,

12:15.000 --> 12:22.000
and you can run ipa-replica-install, so that you can establish the topology.

12:22.000 --> 12:29.000
So, it's not a big deal. And the second one, and this might be more problematic is that all the certificates,

12:29.000 --> 12:36.000
I mean, the migration doesn't, does not bring over the existing certificate authority.

12:36.000 --> 12:42.000
Instead of that, the new IPA installation generates its own CA.

12:42.000 --> 12:45.000
And the issue is that you can't distinguish between them.

12:45.000 --> 12:51.000
I mean, if you're using the same realm, the certificate is taken on time, domain and CA

12:51.000 --> 13:00.000
subject, and there's no way to distinguish between them. So, it means that all the certificates will need to be reissued again in the new server.

13:00.000 --> 13:03.000
Okay, they are toast.

13:03.000 --> 13:11.000
And another one, and the last one is, I think I already mentioned this one, is that the Kerberos keys are not migrated as well.

13:11.000 --> 13:17.000
So, while Kerberos, all the principals and users and services and entities, they are retained,

13:17.000 --> 13:23.000
but the Kerberos master, for instance, the Kerberos master key is not transferred.

13:23.000 --> 13:32.000
And that means that users will reset their password or re-enroll services as needed.

13:33.000 --> 13:45.000
So, then, yeah. So, to ensure the flexibility in different migration scenarios,

13:45.000 --> 13:49.000
the tool supports multiple methods. This is what we call methods.

13:49.000 --> 13:53.000
So, the first one is an online migration, okay.

13:53.000 --> 13:59.000
It will involve, it will establish a communication between the target system and the origin system,

13:59.000 --> 14:03.000
and it will do everything over the network.

14:03.000 --> 14:13.000
And, well, if you have a huge deployment with a lot of users, 50k users, more than 500k users,

14:13.000 --> 14:19.000
and a lot of identity infrastructure, that will take time, you know.

14:19.000 --> 14:22.000
So, then we have also the offline mode.

14:22.000 --> 14:29.000
For a situation where, and also for a situation where the network access is not ideal or not possible.

14:29.000 --> 14:37.000
And, well, what you do then is to use the tool to dump into LDIF files the three major areas.

14:37.000 --> 14:42.000
I mean, the configuration, the schema, and the database, you can do that in the origin server,

14:42.000 --> 14:47.000
and then you copy the files to the target and use the tool to deploy the materials.

14:47.000 --> 14:53.000
But, this is a little bit tricky. So, in terms of where we need to generate three files.

14:53.000 --> 14:59.000
So, we can do a mix of the other two previous modes online and offline.

14:59.000 --> 15:04.000
So, with the online, maybe you can copy the configuration and the schema that is not big.

15:04.000 --> 15:07.000
It's not usually big, and you can do that with the tool.

15:07.000 --> 15:12.000
And, if you have a very large database, you can use the, the other one, the offline one.

15:12.000 --> 15:15.000
So, this is very flexible.

15:15.000 --> 15:23.000
And, then, we also have multiple modes, migration modes.

15:23.000 --> 15:27.000
These are some sort of templates that are predefined.

15:27.000 --> 15:33.000
So, in production mode, we assume that the remote server is fully functional.

15:33.000 --> 15:39.000
You want to migrate from a production environment.

15:39.000 --> 15:43.000
So, we want to perform a full migration while preserving everything.

15:43.000 --> 15:47.000
And, this means that all the DNA, user and group IDs,

15:47.000 --> 15:53.000
security identifiers and other critical identity attributes are migrated the same way.

15:53.000 --> 15:55.000
They are not changed at all.

15:55.000 --> 16:03.000
And, this ensures that the new deployment is a true replica of the original, kind of production.

16:03.000 --> 16:06.000
Then, we have another mode, which is the staging mode.

16:06.000 --> 16:11.000
And, that one is used when migrating from a staging or a testing environment.

16:11.000 --> 16:15.000
This is kind of for the family members or for testing.

16:15.000 --> 16:21.000
If you want to migrate from there, you are not, the tool is clever enough.

16:21.000 --> 16:24.000
So, it's not migrating the DNA ranges.

16:24.000 --> 16:27.000
The IDs and the SIDs are directly from there.

16:27.000 --> 16:29.000
Okay. So, instead of that, the attributes,

16:29.000 --> 16:36.000
related to automation of the ID generation are reset and the special magic values, they are added.

16:36.000 --> 16:44.000
So, this is for preventing conflicts between staging and production environments.

16:44.000 --> 16:48.000
And, finally, there is another mode, which is the dry run.

16:48.000 --> 16:52.000
I already talked a little bit about this one before.

16:52.000 --> 16:58.000
And, yeah, this is a great way to verify the migration process

16:58.000 --> 17:02.000
or check for potential issues.

17:03.000 --> 17:09.000
Confirm that the right data is migrated, transferred to the current server.

17:09.000 --> 17:11.000
This is kind of formation, yeah.

17:11.000 --> 17:17.000
So, yeah, these different modes provide flexibility based on the different needs.

17:17.000 --> 17:20.000
It depends always on the context.

17:20.000 --> 17:28.000
And, then, we have also the ability to define some templates.

17:28.000 --> 17:32.000
We have defined some templates because we can mix those modes.

17:32.000 --> 17:38.000
And, we can do multiple scenarios like migrate from production to production.

17:38.000 --> 17:41.000
In this case, all valid AP entries will be migrated.

17:41.000 --> 17:46.000
All IDs, UID, GID, SID will be migrated.

17:46.000 --> 17:53.000
At the same time, the certificate will be, will be dropped, as I mentioned,

17:53.000 --> 17:56.000
because there is no way to distinguish between the CAs.

17:56.000 --> 18:01.000
And, another scenario, I'm interested to my one-to-do,

18:01.000 --> 18:05.000
is to move from production to a staging environment for testing.

18:05.000 --> 18:10.000
And, in this case, it must be a different realm.

18:10.000 --> 18:11.000
Okay?

18:11.000 --> 18:12.000
Just to avoid conflicts.

18:12.000 --> 18:15.000
You don't want to mess with your production server.

18:15.000 --> 18:20.000
And, in this case, all the certificates from the previous CAs will be preserved,

18:20.000 --> 18:22.000
because you are not migrating them.

18:22.000 --> 18:24.000
And, yeah.

18:24.000 --> 18:28.000
So, depending on the scenario, you have different particularities.

18:28.000 --> 18:31.000
And, yeah, and the last one is also interesting.

18:31.000 --> 18:34.000
It's from an IPA backup.

18:34.000 --> 18:39.000
And, yeah, this basically restores the IPA system with the same,

18:39.000 --> 18:41.000
exactly the same realm and domain.

18:41.000 --> 18:47.000
And, this method is ideal for disaster recovery, those sort of things.

18:47.000 --> 18:50.000
So, then.

18:50.000 --> 18:51.000
Yeah.

18:51.000 --> 18:56.000
So, this time, the tool prints enough logging information.

18:56.000 --> 19:00.000
This is so important, because if the migration stops at some point,

19:00.000 --> 19:03.000
you will see what is the issue instantly.

19:03.000 --> 19:06.000
And, then, you can fix it and then you can retry again.

19:06.000 --> 19:10.000
And, also, we added options like verbose and the quiet option,

19:10.000 --> 19:15.000
so that you can increase the level of information that is printed out.

19:16.000 --> 19:19.000
So, this kind of was missing in the other tool.

19:19.000 --> 19:26.000
And, yeah, this is another thing that I love is the summary report.

19:26.000 --> 19:30.000
So, at the beginning of the migration, if everything went okay.

19:30.000 --> 19:35.000
So, you are getting a report like what you see in the right of the screen of the slide.

19:35.000 --> 19:39.000
It's summarizing all the objects that they were migrated,

19:39.000 --> 19:44.000
so that you can realize if something was skipped or from the origin.

19:44.000 --> 19:48.000
So, I think.

19:48.000 --> 19:50.000
Yeah, five minutes.

19:50.000 --> 19:52.000
Yes, I have had demo.

19:52.000 --> 19:53.000
Yeah, the demo.

19:53.000 --> 19:57.000
Well, the demo is pretty much simple, but there are other samples of

19:57.000 --> 20:00.000
how you can play with the tool, but let me jump into the demo,

20:00.000 --> 20:02.000
because I don't have too much time.

20:02.000 --> 20:04.000
So, let me see.

20:04.000 --> 20:07.000
This is a video.

20:07.000 --> 20:09.000
So, what you see now is on the left.

20:09.000 --> 20:11.000
The left is the origin server.

20:11.000 --> 20:16.000
And on the right, we have the target system.

20:16.000 --> 20:21.000
And those FreeIPA servers, they are kind of empty.

20:21.000 --> 20:23.000
They just provision empty, okay.

20:23.000 --> 20:28.000
You can see that is well, they provisioned with the use of the staff from scratch.

20:28.000 --> 20:30.000
But there is no content.

20:30.000 --> 20:35.000
So, what I'm doing now is to log into one of the servers, the origin server.

20:35.000 --> 20:38.000
And I'm going to use one of those Python scripts.

20:38.000 --> 20:43.000
I have for creating data, identity data,

20:43.000 --> 20:48.000
like it creates a lot of users and sudo rules,

20:48.000 --> 20:50.000
HBAC rules, all those sort of things.

20:50.000 --> 20:57.000
What I'm doing now is to set the server in migration mode,

20:57.000 --> 21:01.000
so that I can add the users with already hashed passwords.

21:01.000 --> 21:06.000
And I'm simply adding to the LDAP server.

21:06.000 --> 21:09.000
I'm just adding all the data.

21:09.000 --> 21:10.000
I'm sure about it.

21:10.000 --> 21:16.000
I think it's the already kind of some sort of 60 users per group.

21:16.000 --> 21:21.000
It is adding the sudo rules now.

21:21.000 --> 21:24.000
Now it is adding HBAC rules.

21:32.000 --> 21:38.000
So, as you can see, this way of adding content is really slow.

21:38.000 --> 21:40.000
Okay. So, okay.

21:40.000 --> 21:47.000
Now that everything is there, you can see that a lot of 61 users they were added to the server.

21:47.000 --> 21:52.000
If I go to the web UI, I can see them there.

21:53.000 --> 21:59.000
The same for groups, services.

22:03.000 --> 22:08.000
Yeah. So, plenty of identity infrastructure.

22:08.000 --> 22:15.000
So, now I, yeah.

22:15.000 --> 22:23.000
I'm going to use the ipa-migrate tool on the other console.

22:23.000 --> 22:36.000
So, basically, you can see that this deployment is completely empty.

22:36.000 --> 22:44.000
Yes, I'm setting a server in migration mode, but I think this is not needed because the tool is already capable of doing so.

22:44.000 --> 22:46.000
But it's just in case.

22:46.000 --> 22:48.000
And yeah, this is the command.

22:48.000 --> 22:52.000
It's ipa-migrate, production mode, from the origin.

22:52.000 --> 22:55.000
And this is, first of all, the dry run.

22:55.000 --> 22:58.000
As you can see, it's super quick, it's super fast.

22:58.000 --> 23:02.000
In terms of seconds, it managed to fetch all the data.

23:07.000 --> 23:09.000
So, yeah, that's the summary.

23:09.000 --> 23:12.000
And now I, say, everything went okay.

23:12.000 --> 23:16.000
I just kind of removed the, the dry run.

23:16.000 --> 23:20.000
And now we're going to perform the real, the real one.

23:36.000 --> 23:41.000
Yes.

23:41.000 --> 23:44.000
Yes.

23:44.000 --> 23:49.000
Yeah, I think, because I'm getting out of time, right?

23:49.000 --> 23:52.000
No, I mean, it's supposed to be quick.

23:52.000 --> 23:54.000
Yeah.

23:54.000 --> 23:59.000
Yeah, most of the, yeah, the schema, the configuration and the database was already migrated.

23:59.000 --> 24:02.000
It processed more than 800 entries.

24:03.000 --> 24:06.000
And at the very end, it's running ipa-server-upgrade.

24:06.000 --> 24:09.000
This is in, yes, in case there are changes in the LDAP schema or something.

24:09.000 --> 24:12.000
And then ipa-server-upgrade is taking care of those things.

24:12.000 --> 24:15.000
Yeah, this is supposed to be quick.

24:20.000 --> 24:22.000
Yeah, I can't speed up some seconds.

24:28.000 --> 24:29.000
Yeah.

24:29.000 --> 24:32.000
So, it was completed and then you can see the summary.

24:32.000 --> 24:37.000
And I think if I open the web UI, the idea is to see that, yeah, the content is there.

24:37.000 --> 24:38.000
Okay.

24:38.000 --> 24:42.000
So, in terms of minutes.

24:42.000 --> 24:43.000
Yeah.

24:43.000 --> 24:45.000
So, that was the demo.

24:45.000 --> 24:47.000
I think I have more slides.

24:47.000 --> 24:49.000
Let me see.

24:53.000 --> 24:55.000
Next one.

24:55.000 --> 24:56.000
No.

24:59.000 --> 25:00.000
Okay.

25:20.000 --> 25:21.000
Jesus.

25:21.000 --> 25:23.000
Okay.

25:23.000 --> 25:25.000
There's need to grab the screen.

25:29.000 --> 25:32.000
Okay.

25:49.000 --> 25:50.000
Okay.

25:50.000 --> 25:51.000
Fine.

25:53.000 --> 25:54.000
Okay.

25:54.000 --> 25:55.000
So, yeah.

25:55.000 --> 25:57.000
We have everything automatically.

25:57.000 --> 25:59.000
You can drop by this link.

25:59.000 --> 26:04.000
And you will see that this tutorial about ipa-migrate is available in GitHub.

26:04.000 --> 26:05.000
You click on that.

26:05.000 --> 26:07.000
This is one of the whole process stuff.

26:07.000 --> 26:08.000
We can file stream.

26:08.000 --> 26:14.000
And then you follow some steps and everything can run in your local system using podman containers.

26:14.000 --> 26:18.000
And yeah, this is, I think this is the last slide.

26:18.000 --> 26:21.000
You know, the ipa-migrate tooling is available in the FreeIPA project already.

26:21.000 --> 26:24.000
As I said, you can find it in Fedora and RHEL.

26:24.000 --> 26:28.000
And yeah, it will be nice if you can try.

26:28.000 --> 26:30.000
You can try any combination.

26:30.000 --> 26:33.000
You can migrate from multiple systems.

26:33.000 --> 26:37.000
Mixing different versions of IPA or the operating system.

26:37.000 --> 26:42.000
And if you find issues, please drop by our project and drop a ticket there.

26:42.000 --> 26:46.000
And we also did a Fedora test day as well.

26:46.000 --> 26:50.000
So, you can drop by the link and then see the results.

26:50.000 --> 26:53.000
And yeah, I think that was all.

26:53.000 --> 26:54.000
Yeah.

27:03.000 --> 27:05.000
So is there any question?

27:09.000 --> 27:13.000
I will be testing this tool for a couple of weeks.

27:13.000 --> 27:19.000
Because if it doesn't have a nice way to change the CA.

27:19.000 --> 27:24.000
So this is right to migrate to another server and create a new CA.

27:24.000 --> 27:30.000
But unfortunately, for production environments, all the users have to log in again as well.

27:30.000 --> 27:38.000
If you have many users, you have to ask everybody to log in before you can change to the new server.

27:38.000 --> 27:44.000
Is that it's on the point to migrate everything so the old credentials keep working.

27:44.000 --> 27:50.000
And the user doesn't have to have the password represented and working again.

27:50.000 --> 27:54.000
Yeah, well, I mean, yes, this is an argument.

27:54.000 --> 27:57.000
When you migrate all the users.

27:57.000 --> 28:07.000
Yeah, the users must at least log in the very first time to regenerate the Kerberos.

28:07.000 --> 28:09.000
But this is automatically done.

28:09.000 --> 28:13.000
As soon as the user is logging into SSSD, it's done.

28:19.000 --> 28:25.000
No, the password will work, but the user just must authenticate so that more content is regenerated.

28:25.000 --> 28:31.000
So the key is to keep your new system, new deployment in migration mode.

28:31.000 --> 28:33.000
Then SSSD will notice it.

28:33.000 --> 28:43.000
And when the user tries to log in, it will automatically try to LDAP bind with whatever the user provided.

28:43.000 --> 28:48.000
And that LDAP bind against the IPA server will generate Kerberos keys.

28:48.000 --> 28:52.000
For the user, the actual experience will be exactly the same.

28:52.000 --> 28:56.000
They don't need to go anywhere else. They just need to log in.

29:01.000 --> 29:04.000
Yeah, automatically.

29:04.000 --> 29:06.000
Yeah, automatically.

29:06.000 --> 29:10.000
It's only done if you're in migration mode.

29:10.000 --> 29:12.000
That's quite important to set.

29:12.000 --> 29:15.000
This tool should be set in migration mode by default.

29:15.000 --> 29:19.000
Or instructions are saying enable migration modes.

29:19.000 --> 29:23.000
So this config mode, there's there's migration something.

29:24.000 --> 29:30.000
The other solution is switch from password to passwordless methods.

29:30.000 --> 29:35.000
Then they don't need to have any Kerberos keys themselves at all.

29:35.000 --> 29:39.000
And during migration, nothing needs to be generated.

29:39.000 --> 29:40.000
Yeah.

29:40.000 --> 29:44.000
Like external IDP use, for example.

29:44.000 --> 29:46.000
This information will be migrated.

29:46.000 --> 29:49.000
There are no keys, Kerberos keys.

29:49.000 --> 29:53.000
Also, they don't need to be replaced.

29:53.000 --> 29:58.000
Same way of the FIDO tool can spur some.

29:58.000 --> 30:05.000
Yep.

30:05.000 --> 30:09.000
So when any other question,

30:09.000 --> 30:12.000
All right, good.

30:19.000 --> 30:21.000
Thank you.

