Migrate OpenText TeamSite workloads to the AWS Cloud - AWS Prescriptive Guidance

Migrate OpenText TeamSite workloads to the AWS Cloud

Created by Battulga Purevragchaa (AWS), Michael Stewart, and Carlos Marruenda Molina

Environment: Production

Source: On premises

Target: AWS

R Type: Replatform

Workload: All other workloads

Technologies: Migration; Web & mobile apps

AWS services: Amazon EC2; Amazon RDS

Summary

Warning: This scenario requires IAM users with programmatic access and long-term credentials, which presents a security risk. To help mitigate this risk, we recommend that you provide these users with only the permissions they require to perform the task and that you remove these users when they are no longer needed. Access keys can be updated if necessary. For more information, see Updating access keys in the IAM user guide.

Many OpenText Experience Platform instances are hosted on premises or on traditional hosting solutions with fixed capacity and legacy cost models. Migrating your OpenText Experience Platform workloads to the Amazon Web Services (AWS) Cloud provides additional capabilities and value by increasing your business agility and integration opportunities, in addition to reducing your overall ownership cost.

This pattern provides steps and a template to migrate OpenText TeamSite workloads to the AWS Cloud. The pattern helps you understand how to scope and budget your migration projects by providing a detailed Epics section that guides you through an OpenText TeamSite migration process.

This pattern was developed by AWS and TBSCG, an AWS Partner, and accompanies the guide Migrating OpenText TeamSite and Media Management workloads to the AWS Cloud on the AWS Prescriptive Guidance website.

Prerequisites and limitations

Prerequisites 

  • At least one active AWS account

  • An OpenText workload hosted in an on-premises data center or on another cloud provider

  • Active OpenText licenses

The migration process also requires the roles and responsibilities that are described in the following table.

Role

Responsibilities

Sponsor

Internal sponsorship 

Delivery manager

Migration delivery

Solutions architect

Define the current and new architecture

DevOps engineer

DevOps activities

QA tester

System-level testing

Product owner

Task prioritization based on business requirements

TeamSite authors

Migration user acceptance testing (UAT)

TeamSite administrator

Migration UAT

OpenText lead

OpenText product specialist 

OpenText developer

OpenText product specialist

Pricing specialist

AWS and OpenText licensing 

IT security

IT security baseline 

Third-party integration developer

Rework existing integrations

Front-end developer

Make changes to migrated front-end code

Database administrator

Database configuration

Limitations 

  • Ensure compatibility with your target operating systems (OSs). You can use the compatibility matrix from the product release notes of the OpenText product version that you are migrating.

Architecture

Source technology stack

  • OpenText customer experience solutions hosted on premises or on another cloud provider:

    • OpenText TeamSite 

    • OpenText LiveSite

    • OpenText Media Management  

    • OpenText MediaBin  

Target technology stack  

  • An OpenText Customer Experience platform hosted on the AWS Cloud and that uses the following AWS services:

    • Amazon Elastic Compute Cloud (Amazon EC2)

    • Amazon Elastic Container Service (Amazon ECS)

    • Amazon OpenSearch Service

    • Elastic Load Balancing

    • AWS Lambda

    • Amazon API Gateway

    • Amazon Relational Database Service (Amazon RDS)

    • Amazon Elastic Block Store (Amazon EBS)

    • Amazon Simple Storage Service (Amazon S3)

Target architecture

Operating OpenText TeamSite workloads in the AWS Cloud.

Tools

  • AWS Database Migration Service (AWS DMS) is a cloud service that makes it easy to migrate relational databases, data warehouses, NoSQL databases, and other types of data stores. 

  • AWS Application Migration Service automates the conversion of your source servers to run natively on AWS. It also simplifies application modernization with built-in and custom optimization options.

Epics

TaskDescriptionSkills required

Hold workshops on discovery requirements.

Hold workshops with business and technical teams to discover the current landscape, gather requirements, and validate the migration strategy. Depending on your migration’s complexity and scope, your organization might require several workshops.

Duration: Two weeks

Sponsor (optional), Delivery manager, Solutions architect, OpenText lead, Product owner

Analyze solution and migration requirements.

Analyze and document the business, functional, and technical requirements that influence the design of the planned solution and migration process.

Duration: One week

Solutions architect, OpenText lead, Product owner

Document your existing OpenText architecture.

Document your existing OpenText architecture, including core components and all related applications and services.

Duration: One week

Solutions architect, OpenText lead, Product owner

Define the planned AWS architecture.

Define your planned AWS architecture based on the identified components, requirements, and using the OpenText compatibility matrix. You can find the OpenText compatibility matrix in the release notes of your OpenText TeamSite version.

Duration: One week

Solutions architect, OpenText lead, Product owner, IT security

Assess the size of your planned AWS architecture.

Size requirements vary for different architectural components depending on the workload and other non-functional requirements.

Duration: Two days

Solutions architect, OpenText lead

Calculate the TCO.

Calculate the total cost of ownership (TCO) for your proposed solution.

Duration: Two days

Solutions architect, Pricing specialist

Define the migration strategy for each component.

Define and document which of the seven common migration strategies (7 Rs) to use for each core or additional component that must be migrated to the AWS Cloud.

Duration: One week

Solutions architect, OpenText lead, Product owner

Define the migration process for the components.

Define the detailed migration process for each of your workload’s components.

Duration: One week

Solutions architect, OpenText lead, Product owner, IT security

Define the global migration process and dependencies.

Create a global migration process and calendar that includes the migration details for components, dependencies, and business continuity.

Duration: Three days

Solutions architect, OpenText lead, Product owner, IT security
TaskDescriptionSkills required

Create security policies.

Configure the customer managed security policies in your AWS accounts. These should include password complexity and rotation, in addition to automatically turning off unused accounts. 

For more information about customer managed policies, see Customer managed policies in the AWS Identity and Access Management (IAM) documentation.

Solutions architect

Create IAM users.

Create the IAM users that require access to the AWS Management Console, AWS Command Line Interface (AWS CLI), and AWS SDK.

For more information about creating IAM users, see Creating an IAM user in your AWS account in the IAM documentation.

Solutions architect

Create IAM groups.

Create the required IAM user groups (for example, administrator or developer groups) and add IAM users to those groups. 

For more information about IAM user groups, see IAM user groups in the IAM documentation.

Solutions architect

Attach security policies.

Attach security policies to the IAM groups or roles.  

For more information about this, see Attaching a policy to an IAM user group in the IAM documentation.

Solutions architect

Turn on detailed billing.

For more information about billing, see Monitoring your usage and costs in the AWS Billing and Cost Management documentation.

Solutions architect

Check the contact details for your accounts.

Make sure that the contact details for your accounts are up to date and map to more than one individual in your organization. 

For more information, see Managing an AWS account in the AWS Billing and Cost Management documentation.

Solutions architect, Product owner

Add security contact information.

Configure your contact information with your security contact information.

For more information about this, see Managing an AWS account in the AWS Billing and Cost Management documentation.

Solutions architect, IT security

Set up IAM roles for EC2 instances.

Configure the IAM roles for the EC2 instances. 

For more information about this, see IAM roles for Amazon EC2 in the Amazon EC2 documentation.

Solutions architect

Configure access to AWS Support.

Attach an IAM policy to IAM users that require access to AWS Support for Support Center and to create support cases. 

For more information about this, see Access permissions for AWS Support in the AWS Support documentation.

Solutions architect

Enable CloudTrail.

Automatically enable AWS CloudTrail in all your AWS Regions. 

For more information about this, see Using create-trail in the AWS CloudTrail documentation.

Solutions architect

Enable CloudTrail log file validation.

Enable the validation of CloudTrail log files.

For more information about this, see Enabling log file integrity validation for CloudTrail in the AWS CloudTrail documentation. 

Solutions architect

Restrict access to any S3 buckets that contain CloudTrail logs.

Apply a bucket policy restricting access to S3 buckets that contain CloudTrail log files.

For more information about this, see Amazon S3 bucket policy for CloudTrail in the AWS CloudTrail documentation.

Solutions architect

Integrate CloudTrail with CloudWatch Logs

Integrate trails generated by CloudTrail with Amazon CloudWatch Logs. 

For more information about this, see Sending events to CloudWatch Logs in the AWS CloudTrail documentation

Solutions architect

Enable AWS Config in all required Regions.

Automatically enable AWS Config in all required Regions. 

You can set up AWS Config by using AWS CLI. For more information, see Setting Up AWS Config with the AWS CLI in the AWS Config documentation.

Solutions architect

Enable logging of S3 bucket access.

Automate S3 bucket access logging with CloudTrail. 

For more information about this, see Enabling CloudTrail event logging for S3 buckets and objects in the Amazon S3 documentation.

Solutions architect

Configure AWS KMS key policies for CloudTrail.

Automate the configuration of AWS Key Management Service (AWS KMS) key policies for CloudTrail. 

For more information about this, see Configure AWS KMS key policies for CloudTrail in the AWS CloudTrail documentation.

Solutions architect

Encrypt CloudTrail logs at rest.

Configure server-side encryption of CloudTrail logs using customer managed keys held in AWS KMS. 

For more information about this, see Encrypting CloudTrail log files with AWS KMS managed keys (SSE-KMS) in the AWS CloudTrail documentation.

Solutions architect

Automatically rotate KMS keys.

Configure the rotation of AWS KMS keys. 

For more information about this, see How to enable and disable automatic key rotation in the AWS KMS documentation.

Solutions architect

Configure CloudWatch alarms.

Configure the Amazon CloudWatch alarms that are initiated by specific events. For example, unauthorized requests to APIs or use of the root account. 

For more information about this, see How to receive notifications when your AWS account’s root access keys are used from the AWS Security Blog. 

Solutions architect

Configure security groups.

Configure security groups to ensure that unrestricted inbound traffic is not allowed on ports 22 and 3389.

Solutions architect

Turn on VPC flow logging.

Capture rejected IP traffic to and from network interfaces in your virtual private cloud (VPC) and configure CloudWatch to capture it.

For more information about this, see Creating a flow log in the Amazon VPC documentation.  

Solutions architect

Modify the default security group to restrict all traffic.

Modify each VPC's default security group so that traffic is denied by default and access is explicitly granted through your security groups. 

For more information about this, see Security groups for your VPC in the Amazon VPC documentation. 

Solutions architect

Configure routing tables between the VPCs.

Configure the routing tables for VPC peering with the least access necessary. 

For more information about this, see Updating your route tables for a VPC peering connection in the Amazon VPC documentation.

Solutions architect
TaskDescriptionSkills required

Provision the AWS infrastructure.

Create the AWS accounts and resources.

Duration: Two weeks

DevOps engineer, Solutions architect

Set up DevOps tools and processes.

Set up DevOps tools and procedures, such as continuous integration and continuous delivery (CI/CD) pipelines and automated testing frameworks.

DevOps engineer, Solutions architect

Automate the migration of core components.

Use existing templates or scripts to automate the installation and configuration of OpenText products including TeamSite, LiveSite, OpenDeploy and MediaBin.

Duration: One week

DevOps engineer, Solutions architect, OpenText lead

Automate the migration of additional components.

Analyze and automate the migration of additional applications that are integrated with OpenText core components (for example, additional databases, communication, monitoring, or cache components).

Duration: Two weeks

DevOps engineer, Solutions architect, OpenText lead

Adapt core components.

Make any required changes to customizations of OpenText core components (for example, integrations).

Solutions architect, OpenText lead, OpenText developer, Third-party integration developer, Front-end developer

Implement and configure additional services.

Provision, configure, and implement any new AWS services, such as AWS Lambda functions or Amazon API Gateway.

DevOps engineer, Solutions architect, Third-party integration developer, Front-end developer

Migrate or refactor other components.

Migrate additional components, including any required refactoring. This includes external applications such as custom-made reporting portals or existing API integration layers.

DevOps engineer, Solutions architect, Third-party integration developer, Front-end developer

Carry out migration in development environment.

Automated migration activities for the development environment, including system provisioning, data migration, application migration, installation, and configuration.

DevOps engineer

Carry out migration in production environment.

Automated migration activities for the production environment, including system provisioning, data migration, application migration, installation, and configuration.

DevOps engineer
TaskDescriptionSkills required

Define CIDR blocks for each VPC.

Define the Classless Inter-Domain Routing (CIDR) block (the IP range and mask) for each non-default VPC.

Duration: Less than one week

DevOps engineer, Solutions architect

Define subnets and Availability Zones.

Define the subnets and Availability Zones that are used in each non-default VPC.

Duration: Less than one week

DevOps engineer, Solutions architect

Define security groups.

Define security groups and security group rules for controlling security on AWS resources.

Duration: Less than one week

DevOps engineer, Solutions architect

Define network ACLs.

Define the network access control lists (ACLs) to control security at subnet boundaries.

Duration: Less than one week

DevOps engineer, Solutions architect
TaskDescriptionSkills required

Prepare the source databases.

Use AWS DMS to prepare each source database for ongoing replication to the AWS Cloud.

DevOps engineer, Solutions architect

Create the databases for the OpenText core components.

Create the databases required by the Opentext TeamSite, LiveSite, and MediaBin components. Make sure that users and access rights are correctly configured according to the OpenText installation documentation.

Solutions architect, OpenText lead, OpenText developer

Copy data from source database servers.

Automate the process of copying data for OpenText core components from the source database server to the target database server.

Solutions architect, OpenText lead, OpenText developer

Synchronize data from the database servers.

Automate the process of performing regular data synchronization from the source databases to the target databases.

OpenText developer
TaskDescriptionSkills required

Copy the OpenText TeamSite content stores.

Automate the process of copying the content stores from the source OpenText TeamSite server to the target OpenText TeamSite server.

Solutions architect, OpenText lead, OpenText developer

Map users and groups.

Internal mapping of internal OpenText TeamSite user IDs to target system IDs.

OpenText lead

Synchronize the OpenText TeamSite content stores.

Automate the process of performing regular synchronizing of source and target content stores. This is implemented as part of the migration and QA process.

OpenText developer

Copy data from web servers.

Automate the process of copying data from the source web servers to the target web servers.

Solutions architect, OpenText lead, OpenText developer

Synchronize the web server data.

Automate the process of performing regular synchronizing of source and target web server data.

OpenText developer

Copy data from web server file system.

Automate the process of copying content and other web assets from the source web server file system to the target web servers.

Solutions architect, OpenText lead, OpenText developer

Synchronize the web server file systems.

Automate the process of performing regular synchronizing of content and other web assets from the source web server file system to the target web servers.

OpenText developer

Generate feeds and indexes.

Automate the process of running any processes that generate feeds or other indexes (for example, web search) that uses OpenText TeamSite or web server content as a data source.

Solutions architect, OpenText lead, OpenText developer

Synchronize the generation of feeds and indexes.

Automate the process of performing regular regeneration of feeds and indexes after data synchronizations.

OpenText developer
TaskDescriptionSkills required

Perform migration QA.

Test the target AWS environment, applications, and services to ensure the automated migration processes are correctly built and configured.

DevOps engineer, OpenText lead, QA tester

Carry out performance testing.

Test the performance in terms of responsiveness and stability under a particular workload. Investigate, measure, validate, or verify other quality attributes of the destination system, such as scalability and reliability.

For this test to be useful, you must have a testing environment that is the same size as your production environment.

Duration: Between one and two weeks

DevOps engineer, OpenText lead

Security testing.

Vulnerability scanning and penetration testing to reveal potential flaws in the security mechanisms of an application that protect data and maintain functionality as required.

For this test to be useful, you must have a testing environment that is equivalent to your production environment in terms of networking and security.

Duration: Between one and two weeks

DevOps engineer, OpenText lead
TaskDescriptionSkills required

Check operational readiness.

Understand how you currently perform IT operations and how you will operate in the AWS Cloud. You can achieve this business outcome by defining a cloud operating model. 

Duration: One week

DevOps engineer, OpenText lead, Service delivery manager

Invest in operations automation.

Invest in automation to deliver an AWS operating model.

DevOps engineer, OpenText lead, Service delivery manager

Integrate operations.

Continue using current IT tools and extend them through integration to the AWS Cloud.

DevOps engineer, OpenText lead, Service delivery manager
TaskDescriptionSkills required

Switch DNS.

Manually switch the domain name system (DNS) from existing hosts to hosts based in the AWS Cloud.

Duration: One hour

DevOps engineer, OpenText lead

Test disaster recovery.

Test disaster recovery, backup restore, and run your automated tests.

Duration: One day

DevOps engineer, OpenText lead, QA tester

Validate monitoring and analytics.

Validate that the monitoring and analytics are working.

Duration: Two hours

DevOps engineer, OpenText lead

Turn off old environment and request the server’s shutdown.

Duration: Three days

DevOps engineer, OpenText lead

Related resources