Migrating your IBM Cloud Activity Tracker architecture
Migrating IBM Cloud® Activity Tracker instances to IBM Cloud Logs in IBM Cloud require the configuration of the IBM Cloud Activity Tracker Event Routing service in the account and provisioning 1 or more IBM Cloud Logs instances. A migration tool is provided to help you migrate.
IBM Cloud Activity Tracker architectures
You have multiple options to manage activity tracking events in an account:
-
Option 1: You can provision IBM Cloud Activity Tracker instances in different regions to collect and monitor activity tracking events that are generated in your account in each one of those regions.
For example, you can operate in eu-de, eu-es, us-east, and us-south, and have IBM Cloud Activity Tracker instances provisioned in each one of these regions.
-
Option 2: You can use IBM Cloud Activity Tracker Event Routing (a platform service) to route auditing events in your account to 1 or more destinations by configuring targets and routes that define where activity tracking events are sent.
The following image shows a high-level view of the different IBM Cloud Activity Tracker Event Routing destinations:
For example, you can configure IBM Cloud Activity Tracker Event Routing to route events to the IBM Cloud Activity Tracker service. For more information, see About IBM Cloud Activity Tracker Event Routing.
-
Scenario 1: You can route all activity tracking events into 1 IBM Cloud Activity Tracker instance.
-
Scenario 2: You can route activity tracking events that are generated in the account to different IBM Cloud Activity Tracker instances, for example, keeping the locality where the event is generated.
-
-
Option 3: You can have a mix scenario where you manage events that are generated by some IBM Cloud services and collected in IBM Cloud Activity Tracker instances in the region where the service is provisioned and IBM Cloud Activity Tracker Event Routing configured to route auditing events in your account to 1 or more destinations by configuring targets and routes that define where activity tracking events are sent.
Options for migration
The IBM Cloud Activity Tracker service is deprecated.
You must migrate your IBM Cloud Activity Tracker instances to IBM Cloud Logs instances.
If you just have IBM Cloud Activity Tracker instances provisioned in your account, you must decide whether you want to keep the current IBM Cloud Activity Tracker architecture and maintain data locality or if you prefer to move to a centralize model where all activity tracking events are collected in a single IBM Cloud Logs instance.
Choose based on your requirements from any of the following options:
Requirement | Migration scenario |
---|---|
Centralize auditing events | Migrate IBM Cloud Activity Tracker instances into 1 IBM Cloud Logs instance |
Data locality required | Migrate IBM Cloud Activity Tracker instances into N IBM Cloud Logs instances, replicating the current IBM Cloud Activity Tracker architecture |
Migrating to a central model
You can manually migrate IBM Cloud Activity Tracker instances into 1 IBM Cloud Logs instance, and configure IBM Cloud Activity Tracker Event Routing in the account.
You can use the migration tool to migrate IBM Cloud Activity Tracker instances into 1 IBM Cloud Logs instance, and configure IBM Cloud Activity Tracker Event Routing in the account.
The following image shows a high-level view of the account after you migrate IBM Cloud Activity Tracker instances from multiple regions in the account into 1 instance of IBM Cloud Logs:
Migrating maintaing data locality
You can use the migration tool to migrate IBM Cloud Activity Tracker instances into N IBM Cloud Logs instances, replicating the current IBM Cloud Activity Tracker architecture. Then, after you have migrated all instances, you can use the migration tool to configure IBM Cloud Activity Tracker Event Routing in the account.
The following image shows a high-level view of the account after IBM Cloud Activity Tracker instances from multiple regions in the account are migrated into multiple instances of IBM Cloud Logs:
Migrating a mix service model
You can have a mix scenario where you manage events that are generated by some IBM Cloud services and collected in IBM Cloud Activity Tracker instances in the region where the service is provisioned, and IBM Cloud Activity Tracker Event Routing configured to route auditing events in your account to 1 or more destinations by configuring targets and routes that define where activity tracking events are sent.
Validating the new architecture
While you migrate and validate the new architecture, you must collect events in your IBM Cloud Activity Tracker instances, same as you currently do now. You must configure IBM Cloud Activity Tracker Event Routing to send activity tracking events to your IBM Cloud Activity Tracker instances with rules that map your current IBM Cloud Activity Tracker architecture in the account. If you fail to configure this route, activity tracking events will stop being routed to your current IBM Cloud Activity Tracker instances.
What IBM Cloud Activity Tracker Event Routing configuration do you need?
- 1 target per IBM Cloud Activity Tracker instance
- 1 target per IBM Cloud Logs instance that is the result of migrating an IBM Cloud Activity Tracker instance
- 1 route to send activity tracking events to your IBM Cloud Activity Tracker instances with rules that map your current IBM Cloud Activity Tracker architecture in the account.
- 1 route to send activity tracking events to your IBM Cloud Logs instances in the account.
Until you have validated the new architecture and you can remove the IBM Cloud Activity Tracker instances from the account, you must continue managing the account through the deprecated services.
For example, your validation configuration in the account should look like the following if you choose a central architecture:
For example, your validation configuration in the account should look like the following if you chose a data locality architecture:
Checklist to plan for migration
Consider these items when you are planning your migration of IBM Cloud Activity Tracker instances in an account:
-
In IBM Cloud Logs, you can query all data that is stored in your configured IBM Cloud Object Storage bucket. You own and maintain the bucket and the data stored in it. A separate archiving solution is not required.
-
The data format of activity tracking events is not changed with the deprecation of the IBM Cloud Activity Tracker service.