Introduction to the pcemigrate Tool
The pcemigrate tool migrates objects between two PCEs to help with migrating on-premises customers to SaaS. It is written in Golang and is available for Linux, macOS, and Windows.
It does the following:
Exports specific policy object types or management tools to JSON files or imports specific policy-object types or management objects from JSON files.
Coordinates migrating policy objects and some selected management objects from one PCE to another.
Generates a YAML file with VEN migration configuration parameters.
Applies labels to newly migrated workloads.
Here is the workflow for the on-premise PCE to SaaS migration:
Setting up the organization in SaaS, such as the Organization owner user, API keys, and S3 buckets.
Migrating policy objects and (optionally) management objects, such as uers, authentication security principals, and permissions, from the on-premise PCE to SaaS. This includes creating unmanaged workloads in SaaS that correspond to managed workloads in the Illumio on-premises PCE.
Migrating VENs by sets:
Creating unmanaged workloads on the on-premise PCE for the set of managed workloads that are being migrated.
Migrating the set of managed workloads from the on-premises PCE either by unpairing them in the on-premise application and then pairing them in SaaS or by deactivating them in the on-premise application and then activating them in SaaS.
Applying custom labels to the newly migrated workloads if necessary.
Synchronizing policy objects and workload changes between the two PCEs during the VEN migration.
When all workloads have been migrated to SaaS, deleting the unmananged workloads on the on-premises PCE and the redundant unmanaged workloads in SaaS.