Migrate OpenText TeamSite workloads to the AWS Cloud
Created by Battulga Purevragchaa (AWS), Michael Stewart, and Carlos Marruenda Molina
Environment: Production | Source: On premises | Target: AWS |
R Type: Replatform | Workload: All other workloads | Technologies: Migration; Web & mobile apps |
AWS services: Amazon EC2; Amazon RDS |
Summary
Warning: This scenario requires IAM users with programmatic access and long-term credentials, which presents a security risk. To help mitigate this risk, we recommend that you provide these users with only the permissions they require to perform the task and that you remove these users when they are no longer needed. Access keys can be updated if necessary. For more information, see Updating access keys in the IAM user guide. |
Many OpenText Experience Platform
This pattern provides steps and a template to migrate OpenText TeamSite
This pattern was developed by AWS and TBSCG
Prerequisites and limitations
Prerequisites
At least one active AWS account
An OpenText workload hosted in an on-premises data center or on another cloud provider
Active OpenText licenses
The migration process also requires the roles and responsibilities that are described in the following table.
Role | Responsibilities |
Sponsor | Internal sponsorship |
Delivery manager | Migration delivery |
Solutions architect | Define the current and new architecture |
DevOps engineer | DevOps activities |
QA tester | System-level testing |
Product owner | Task prioritization based on business requirements |
TeamSite authors | Migration user acceptance testing (UAT) |
TeamSite administrator | Migration UAT |
OpenText lead | OpenText product specialist |
OpenText developer | OpenText product specialist |
Pricing specialist | AWS and OpenText licensing |
IT security | IT security baseline |
Third-party integration developer | Rework existing integrations |
Front-end developer | Make changes to migrated front-end code |
Database administrator | Database configuration |
Limitations
Ensure compatibility with your target operating systems (OSs). You can use the compatibility matrix from the product release notes of the OpenText product version that you are migrating.
Architecture
Source technology stack
OpenText customer experience solutions hosted on premises or on another cloud provider:
OpenText TeamSite
OpenText LiveSite
OpenText Media Management
OpenText MediaBin
Target technology stack
An OpenText Customer Experience platform hosted on the AWS Cloud and that uses the following AWS services:
Amazon Elastic Compute Cloud (Amazon EC2)
Amazon Elastic Container Service (Amazon ECS)
Amazon OpenSearch Service
Elastic Load Balancing
AWS Lambda
Amazon API Gateway
Amazon Relational Database Service (Amazon RDS)
Amazon Elastic Block Store (Amazon EBS)
Amazon Simple Storage Service (Amazon S3)
Target architecture
Tools
AWS Database Migration Service (AWS DMS) is a cloud service that makes it easy to migrate relational databases, data warehouses, NoSQL databases, and other types of data stores.
AWS Application Migration Service automates the conversion of your source servers to run natively on AWS. It also simplifies application modernization with built-in and custom optimization options.
Epics
| Task | Description | Skills required |
|---|---|---|
Hold workshops on discovery requirements. | Hold workshops with business and technical teams to discover the current landscape, gather requirements, and validate the migration strategy. Depending on your migration’s complexity and scope, your organization might require several workshops. Duration: Two weeks | Sponsor (optional), Delivery manager, Solutions architect, OpenText lead, Product owner |
Analyze solution and migration requirements. | Analyze and document the business, functional, and technical requirements that influence the design of the planned solution and migration process. Duration: One week | Solutions architect, OpenText lead, Product owner |
Document your existing OpenText architecture. | Document your existing OpenText architecture, including core components and all related applications and services. Duration: One week | Solutions architect, OpenText lead, Product owner |
Define the planned AWS architecture. | Define your planned AWS architecture based on the identified components, requirements, and using the OpenText compatibility matrix. You can find the OpenText compatibility matrix in the release notes of your OpenText TeamSite version. Duration: One week | Solutions architect, OpenText lead, Product owner, IT security |
Assess the size of your planned AWS architecture. | Size requirements vary for different architectural components depending on the workload and other non-functional requirements. Duration: Two days | Solutions architect, OpenText lead |
Calculate the TCO. | Calculate the total cost of ownership (TCO) for your proposed solution. Duration: Two days | Solutions architect, Pricing specialist |
Define the migration strategy for each component. | Define and document which of the seven common migration strategies (7 Rs) to use for each core or additional component that must be migrated to the AWS Cloud. Duration: One week | Solutions architect, OpenText lead, Product owner |
Define the migration process for the components. | Define the detailed migration process for each of your workload’s components. Duration: One week | Solutions architect, OpenText lead, Product owner, IT security |
Define the global migration process and dependencies. | Create a global migration process and calendar that includes the migration details for components, dependencies, and business continuity. Duration: Three days | Solutions architect, OpenText lead, Product owner, IT security |
| Task | Description | Skills required |
|---|---|---|
Create security policies. | Configure the customer managed security policies in your AWS accounts. These should include password complexity and rotation, in addition to automatically turning off unused accounts. For more information about customer managed policies, see Customer managed policies in the AWS Identity and Access Management (IAM) documentation. | Solutions architect |
Create IAM users. | Create the IAM users that require access to the AWS Management Console, AWS Command Line Interface (AWS CLI), and AWS SDK. For more information about creating IAM users, see Creating an IAM user in your AWS account in the IAM documentation. | Solutions architect |
Create IAM groups. | Create the required IAM user groups (for example, administrator or developer groups) and add IAM users to those groups. For more information about IAM user groups, see IAM user groups in the IAM documentation. | Solutions architect |
Attach security policies. | Attach security policies to the IAM groups or roles. For more information about this, see Attaching a policy to an IAM user group in the IAM documentation. | Solutions architect |
Turn on detailed billing. | For more information about billing, see Monitoring your usage and costs in the AWS Billing and Cost Management documentation. | Solutions architect |
Check the contact details for your accounts. | Make sure that the contact details for your accounts are up to date and map to more than one individual in your organization. For more information, see Managing an AWS account in the AWS Billing and Cost Management documentation. | Solutions architect, Product owner |
Add security contact information. | Configure your contact information with your security contact information. For more information about this, see Managing an AWS account in the AWS Billing and Cost Management documentation. | Solutions architect, IT security |
Set up IAM roles for EC2 instances. | Configure the IAM roles for the EC2 instances. For more information about this, see IAM roles for Amazon EC2 in the Amazon EC2 documentation. | Solutions architect |
Configure access to AWS Support. | Attach an IAM policy to IAM users that require access to AWS Support for Support Center and to create support cases. For more information about this, see Access permissions for AWS Support in the AWS Support documentation. | Solutions architect |
Enable CloudTrail. | Automatically enable AWS CloudTrail in all your AWS Regions. For more information about this, see Using | Solutions architect |
Enable CloudTrail log file validation. | Enable the validation of CloudTrail log files. For more information about this, see Enabling log file integrity validation for CloudTrail in the AWS CloudTrail documentation. | Solutions architect |
Restrict access to any S3 buckets that contain CloudTrail logs. | Apply a bucket policy restricting access to S3 buckets that contain CloudTrail log files. For more information about this, see Amazon S3 bucket policy for CloudTrail in the AWS CloudTrail documentation. | Solutions architect |
Integrate CloudTrail with CloudWatch Logs | Integrate trails generated by CloudTrail with Amazon CloudWatch Logs. For more information about this, see Sending events to CloudWatch Logs in the AWS CloudTrail documentation | Solutions architect |
Enable AWS Config in all required Regions. | Automatically enable AWS Config in all required Regions. You can set up AWS Config by using AWS CLI. For more information, see Setting Up AWS Config with the AWS CLI in the AWS Config documentation. | Solutions architect |
Enable logging of S3 bucket access. | Automate S3 bucket access logging with CloudTrail. For more information about this, see Enabling CloudTrail event logging for S3 buckets and objects in the Amazon S3 documentation. | Solutions architect |
Configure AWS KMS key policies for CloudTrail. | Automate the configuration of AWS Key Management Service (AWS KMS) key policies for CloudTrail. For more information about this, see Configure AWS KMS key policies for CloudTrail in the AWS CloudTrail documentation. | Solutions architect |
Encrypt CloudTrail logs at rest. | Configure server-side encryption of CloudTrail logs using customer managed keys held in AWS KMS. For more information about this, see Encrypting CloudTrail log files with AWS KMS managed keys (SSE-KMS) in the AWS CloudTrail documentation. | Solutions architect |
Automatically rotate KMS keys. | Configure the rotation of AWS KMS keys. For more information about this, see How to enable and disable automatic key rotation in the AWS KMS documentation. | Solutions architect |
Configure CloudWatch alarms. | Configure the Amazon CloudWatch alarms that are initiated by specific events. For example, unauthorized requests to APIs or use of the root account. For more information about this, see How to receive notifications when your AWS account’s root access keys are used | Solutions architect |
Configure security groups. | Configure security groups to ensure that unrestricted inbound traffic is not allowed on ports 22 and 3389. | Solutions architect |
Turn on VPC flow logging. | Capture rejected IP traffic to and from network interfaces in your virtual private cloud (VPC) and configure CloudWatch to capture it. For more information about this, see Creating a flow log in the Amazon VPC documentation. | Solutions architect |
Modify the default security group to restrict all traffic. | Modify each VPC's default security group so that traffic is denied by default and access is explicitly granted through your security groups. For more information about this, see Security groups for your VPC in the Amazon VPC documentation. | Solutions architect |
Configure routing tables between the VPCs. | Configure the routing tables for VPC peering with the least access necessary. For more information about this, see Updating your route tables for a VPC peering connection in the Amazon VPC documentation. | Solutions architect |
| Task | Description | Skills required |
|---|---|---|
Provision the AWS infrastructure. | Create the AWS accounts and resources. Duration: Two weeks | DevOps engineer, Solutions architect |
Set up DevOps tools and processes. | Set up DevOps tools and procedures, such as continuous integration and continuous delivery (CI/CD) pipelines and automated testing frameworks. | DevOps engineer, Solutions architect |
Automate the migration of core components. | Use existing templates or scripts to automate the installation and configuration of OpenText products including TeamSite, LiveSite, OpenDeploy and MediaBin. Duration: One week | DevOps engineer, Solutions architect, OpenText lead |
Automate the migration of additional components. | Analyze and automate the migration of additional applications that are integrated with OpenText core components (for example, additional databases, communication, monitoring, or cache components). Duration: Two weeks | DevOps engineer, Solutions architect, OpenText lead |
Adapt core components. | Make any required changes to customizations of OpenText core components (for example, integrations). | Solutions architect, OpenText lead, OpenText developer, Third-party integration developer, Front-end developer |
Implement and configure additional services. | Provision, configure, and implement any new AWS services, such as AWS Lambda functions or Amazon API Gateway. | DevOps engineer, Solutions architect, Third-party integration developer, Front-end developer |
Migrate or refactor other components. | Migrate additional components, including any required refactoring. This includes external applications such as custom-made reporting portals or existing API integration layers. | DevOps engineer, Solutions architect, Third-party integration developer, Front-end developer |
Carry out migration in development environment. | Automated migration activities for the development environment, including system provisioning, data migration, application migration, installation, and configuration. | DevOps engineer |
Carry out migration in production environment. | Automated migration activities for the production environment, including system provisioning, data migration, application migration, installation, and configuration. | DevOps engineer |
| Task | Description | Skills required |
|---|---|---|
Define CIDR blocks for each VPC. | Define the Classless Inter-Domain Routing (CIDR) block (the IP range and mask) for each non-default VPC. Duration: Less than one week | DevOps engineer, Solutions architect |
Define subnets and Availability Zones. | Define the subnets and Availability Zones that are used in each non-default VPC. Duration: Less than one week | DevOps engineer, Solutions architect |
Define security groups. | Define security groups and security group rules for controlling security on AWS resources. Duration: Less than one week | DevOps engineer, Solutions architect |
Define network ACLs. | Define the network access control lists (ACLs) to control security at subnet boundaries. Duration: Less than one week | DevOps engineer, Solutions architect |
| Task | Description | Skills required |
|---|---|---|
Prepare the source databases. | Use AWS DMS to prepare each source database for ongoing replication to the AWS Cloud. | DevOps engineer, Solutions architect |
Create the databases for the OpenText core components. | Create the databases required by the Opentext TeamSite, LiveSite, and MediaBin components. Make sure that users and access rights are correctly configured according to the OpenText installation documentation. | Solutions architect, OpenText lead, OpenText developer |
Copy data from source database servers. | Automate the process of copying data for OpenText core components from the source database server to the target database server. | Solutions architect, OpenText lead, OpenText developer |
Synchronize data from the database servers. | Automate the process of performing regular data synchronization from the source databases to the target databases. | OpenText developer |
| Task | Description | Skills required |
|---|---|---|
Copy the OpenText TeamSite content stores. | Automate the process of copying the content stores from the source OpenText TeamSite server to the target OpenText TeamSite server. | Solutions architect, OpenText lead, OpenText developer |
Map users and groups. | Internal mapping of internal OpenText TeamSite user IDs to target system IDs. | OpenText lead |
Synchronize the OpenText TeamSite content stores. | Automate the process of performing regular synchronizing of source and target content stores. This is implemented as part of the migration and QA process. | OpenText developer |
Copy data from web servers. | Automate the process of copying data from the source web servers to the target web servers. | Solutions architect, OpenText lead, OpenText developer |
Synchronize the web server data. | Automate the process of performing regular synchronizing of source and target web server data. | OpenText developer |
Copy data from web server file system. | Automate the process of copying content and other web assets from the source web server file system to the target web servers. | Solutions architect, OpenText lead, OpenText developer |
Synchronize the web server file systems. | Automate the process of performing regular synchronizing of content and other web assets from the source web server file system to the target web servers. | OpenText developer |
Generate feeds and indexes. | Automate the process of running any processes that generate feeds or other indexes (for example, web search) that uses OpenText TeamSite or web server content as a data source. | Solutions architect, OpenText lead, OpenText developer |
Synchronize the generation of feeds and indexes. | Automate the process of performing regular regeneration of feeds and indexes after data synchronizations. | OpenText developer |
| Task | Description | Skills required |
|---|---|---|
Perform migration QA. | Test the target AWS environment, applications, and services to ensure the automated migration processes are correctly built and configured. | DevOps engineer, OpenText lead, QA tester |
Carry out performance testing. | Test the performance in terms of responsiveness and stability under a particular workload. Investigate, measure, validate, or verify other quality attributes of the destination system, such as scalability and reliability. For this test to be useful, you must have a testing environment that is the same size as your production environment. Duration: Between one and two weeks | DevOps engineer, OpenText lead |
Security testing. | Vulnerability scanning and penetration testing to reveal potential flaws in the security mechanisms of an application that protect data and maintain functionality as required. For this test to be useful, you must have a testing environment that is equivalent to your production environment in terms of networking and security. Duration: Between one and two weeks | DevOps engineer, OpenText lead |
| Task | Description | Skills required |
|---|---|---|
Check operational readiness. | Understand how you currently perform IT operations and how you will operate in the AWS Cloud. You can achieve this business outcome by defining a cloud operating model. Duration: One week | DevOps engineer, OpenText lead, Service delivery manager |
Invest in operations automation. | Invest in automation to deliver an AWS operating model. | DevOps engineer, OpenText lead, Service delivery manager |
Integrate operations. | Continue using current IT tools and extend them through integration to the AWS Cloud. | DevOps engineer, OpenText lead, Service delivery manager |
| Task | Description | Skills required |
|---|---|---|
Switch DNS. | Manually switch the domain name system (DNS) from existing hosts to hosts based in the AWS Cloud. Duration: One hour | DevOps engineer, OpenText lead |
Test disaster recovery. | Test disaster recovery, backup restore, and run your automated tests. Duration: One day | DevOps engineer, OpenText lead, QA tester |
Validate monitoring and analytics. | Validate that the monitoring and analytics are working. Duration: Two hours | DevOps engineer, OpenText lead |
Turn off old environment and request the server’s shutdown. | Duration: Three days | DevOps engineer, OpenText lead |
Related resources
