IBM Cloud Docs
Migrating your IBM Cloud Activity Tracker architecture

Migrating your IBM Cloud Activity Tracker architecture

Migrating IBM Cloud® Activity Tracker instances to IBM Cloud Logs in IBM Cloud require the configuration of the IBM Cloud Activity Tracker Event Routing service in the account and provisioning 1 or more IBM Cloud Logs instances. A migration tool is provided to help you migrate.

IBM Cloud Activity Tracker architectures

You have multiple options to manage activity tracking events in an account:

  • Option 1: You can provision IBM Cloud Activity Tracker instances in different regions to collect and monitor activity tracking events that are generated in your account in each one of those regions.

    For example, you can operate in eu-de, eu-es, us-east, and us-south, and have IBM Cloud Activity Tracker instances provisioned in each one of these regions.

    Account overview of handling activity tracking events by using IBM Cloud Activity Tracker.
    Account overview of handling activity tracking events by using IBM Cloud Activity Tracker.

  • Option 2: You can use IBM Cloud Activity Tracker Event Routing (a platform service) to route auditing events in your account to 1 or more destinations by configuring targets and routes that define where activity tracking events are sent.

    The following image shows a high-level view of the different IBM Cloud Activity Tracker Event Routing destinations:

    Account overview of handling activity tracking events.
    Overview of handling activity tracking events in an account

    For example, you can configure IBM Cloud Activity Tracker Event Routing to route events to the IBM Cloud Activity Tracker service. For more information, see About IBM Cloud Activity Tracker Event Routing.

    • Scenario 1: You can route all activity tracking events into 1 IBM Cloud Activity Tracker instance.

      Account overview of handling activity tracking events by using IBM Cloud Activity Tracker Event Routing.
      Account overview of handling activity tracking events by using IBM Cloud Activity Tracker Event Routing..

    • Scenario 2: You can route activity tracking events that are generated in the account to different IBM Cloud Activity Tracker instances, for example, keeping the locality where the event is generated.

      Account overview of handling activity tracking events by using IBM Cloud Activity Tracker Event Routing.
      Account overview of handling activity tracking events by using IBM Cloud Activity Tracker Event Routing.

  • Option 3: You can have a mix scenario where you manage events that are generated by some IBM Cloud services and collected in IBM Cloud Activity Tracker instances in the region where the service is provisioned and IBM Cloud Activity Tracker Event Routing configured to route auditing events in your account to 1 or more destinations by configuring targets and routes that define where activity tracking events are sent.

    Account overview of a mix services scenario.
    Account overview of a mix services scenario

Options for migration

The IBM Cloud Activity Tracker service is deprecated.

You must migrate your IBM Cloud Activity Tracker instances to IBM Cloud Logs instances.

If you already use IBM Cloud Activity Tracker Event Routing, see Migrating IBM Cloud Activity Tracker Event Routing.

If you just have IBM Cloud Activity Tracker instances provisioned in your account, you must decide whether you want to keep the current IBM Cloud Activity Tracker architecture and maintain data locality or if you prefer to move to a centralize model where all activity tracking events are collected in a single IBM Cloud Logs instance.

Choose based on your requirements from any of the following options:

Migration scenarios
Requirement Migration scenario
Centralize auditing events Migrate IBM Cloud Activity Tracker instances into 1 IBM Cloud Logs instance
Data locality required Migrate IBM Cloud Activity Tracker instances into N IBM Cloud Logs instances, replicating the current IBM Cloud Activity Tracker architecture

Migrating to a central model

You can manually migrate IBM Cloud Activity Tracker instances into 1 IBM Cloud Logs instance, and configure IBM Cloud Activity Tracker Event Routing in the account.

You can use the migration tool to migrate IBM Cloud Activity Tracker instances into 1 IBM Cloud Logs instance, and configure IBM Cloud Activity Tracker Event Routing in the account. For more information, see Migrating IBM Cloud Activity Tracker instances into 1 IBM Cloud Logs instance for centralize auditing events.

The following image shows a high-level view of the account after you migrate IBM Cloud Activity Tracker instances from multiple regions in the account into 1 instance of IBM Cloud Logs:

High-level view of the account after IBM Cloud Activity Tracker instances from multiple regions in the account are migrated into 1 instance of IBM Cloud Logs
High-level view of the account after IBM Cloud Activity Tracker instances from multiple regions in the account are migrated into 1 instance of IBM Cloud Logs

Migrating maintaing data locality

You can use the migration tool to migrate IBM Cloud Activity Tracker instances into N IBM Cloud Logs instances, replicating the current IBM Cloud Activity Tracker architecture. Then, after you have migrated all instances, you can use the migration tool to configure IBM Cloud Activity Tracker Event Routing in the account. For more information, see Migrating IBM Cloud Activity Tracker instances into N IBM Cloud Logs instances for data locality.

The following image shows a high-level view of the account after IBM Cloud Activity Tracker instances from multiple regions in the account are migrated into multiple instances of IBM Cloud Logs:

High-level view of the account after IBM Cloud Activity Tracker instances from multiple regions in the account are migrated into multiple instances of IBM Cloud Logs
High-level view of the account after IBM Cloud Activity Tracker instances from multiple regions in the account are migrated into multiple instances of IBM Cloud Logs

Migrating a mix service model

You can have a mix scenario where you manage events that are generated by some IBM Cloud services and collected in IBM Cloud Activity Tracker instances in the region where the service is provisioned, and IBM Cloud Activity Tracker Event Routing configured to route auditing events in your account to 1 or more destinations by configuring targets and routes that define where activity tracking events are sent.

Validating the new architecture

While you migrate and validate the new architecture, you must collect events in your IBM Cloud Activity Tracker instances, same as you currently do now. You must configure IBM Cloud Activity Tracker Event Routing to send activity tracking events to your IBM Cloud Activity Tracker instances with rules that map your current IBM Cloud Activity Tracker architecture in the account. If you fail to configure this route, activity tracking events will stop being routed to your current IBM Cloud Activity Tracker instances.

What IBM Cloud Activity Tracker Event Routing configuration do you need?

  • 1 target per IBM Cloud Activity Tracker instance
  • 1 target per IBM Cloud Logs instance that is the result of migrating an IBM Cloud Activity Tracker instance
  • 1 route to send activity tracking events to your IBM Cloud Activity Tracker instances with rules that map your current IBM Cloud Activity Tracker architecture in the account.
  • 1 route to send activity tracking events to your IBM Cloud Logs instances in the account.

Until you have validated the new architecture and you can remove the IBM Cloud Activity Tracker instances from the account, you must continue managing the account through the deprecated services.

For example, your validation configuration in the account should look like the following if you choose a central architecture:

High-level view of the account during validation of a centralize architecture."
High-level view of the account during validation of a centralize architecture

For example, your validation configuration in the account should look like the following if you chose a data locality architecture:

High-level view of the account during validation of a centralize architecture."
High-level view of the account during validation of a centralize architecture

Checklist to plan for migration

Consider these items when you are planning your migration of IBM Cloud Activity Tracker instances in an account:

  • In IBM Cloud Logs, you can query all data that is stored in your configured IBM Cloud Object Storage bucket. You own and maintain the bucket and the data stored in it. A separate archiving solution is not required.

  • The data format of activity tracking events is not changed with the deprecation of the IBM Cloud Activity Tracker service.