
Migrating from a self-hosted to a cloud-hosted solution

Introduction

Advantages

There are several advantages to moving from a self-hosted to a cloud-hosted Nanitor Solution. Some of the main benefits include:

  • Much easier to provide you with world-class support
  • Less work for your organization when it comes to supporting your installation
  • Free up internal compute resources (physical server, or virtual machine)
  • No longer responsible for the operating system, or the physical/virtual server, although you will always be responsible for any independent collectors and the machine they run on.
  • Upgrades happen automatically
  • Access to the portal from anywhere, as with all other cloud resources.

Disadvantages

Disadvantages are the same as with any other cloud solution:

  • A stable internet connection is required; a slow internet connection could make the solution slow to use.
  • Data processing happens at a vendor's site, instead of your own site.

Cost and Contract differences

Whether you are self-hosted or in the cloud, the Nanitor license cost is the same and there are no contractual differences.

Technical setup in the cloud

When you are hosted in the Nanitor cloud, you will have your very own compute node and data storage, so your data is absolutely physically separated from other customers. The database for your instance runs directly on your compute instance. We host our cloud instances with a German hosting provider called Hetzner, and our servers are in their Nuremberg, Germany data center.

Process

This migration contains the following tasks:

Change LDAP to SSO

If you are using LDAP integration with your instance, you need to upgrade that to cloud-native methods such as ADFS or SAML before you move to the cloud, as LDAP integration does not work in the cloud.

Split off the collector

If you have an independent collector on the same machine as the Nanitor server, you might want to move that to a different server. The recommended approach is to move everything to an agent collector.

The process for setting up an agent collector is outlined in Setting up Agent Collector.

If you would like to continue using independent collectors, the process for setting up a new collector can be found in Collector Setup. This process assumes that you have already set up an appropriate Debian or RedHat based Linux machine for the collector.

Then move all the existing assets over to the new collector. Here is an article on how to move between collectors.

Backup the Nanitor server

We need to start by shutting down the server and taking a backup.

First, we need to choose a directory where Nanitor writes the output. There has to be enough space available on that partition to write the NBA. In this case, we choose /var/lib because we know there is enough space there. Make sure you have space there on your server, or adjust the path to a partition with sufficient space.

sudo /usr/lib/nanitor-server/bin/nanitor-server-ctl systemctl_stop
sudo mkdir -p /var/lib/nanitor/backups
sudo chown nanitor:nanitor /var/lib/nanitor/backups
sudo /usr/lib/nanitor-server/bin/nanitor-server-ctl backup --output_dir /var/lib/nanitor/backups

Send the backup to Nanitor

Confirm the name of the backup file:

ls -hal /var/lib/nanitor/backups

Find the most recent backup file. For the sake of this documentation, let's say that is /var/lib/nanitor/backups/nanitor-server_backup_20230109133804.tgz.

Now upload that file to Nanitor with:

sudo curl -F file=@/var/lib/nanitor/backups/nanitor-server_backup_20230109133804.tgz https://hub.nanitor.com/helper/file

Make sure you adjust the file name accordingly. Send the output from this command to your support contact working with you on this migration.
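
A pre-upload check for the backup and upload steps above, added here as an example and not part of Nanitor's documentation or tooling: it picks the newest archive in the backup directory, confirms it is a readable gzip tar, and prints its SHA-256 so the digest can be sent to support together with the upload output. It assumes archives follow the timestamped naming shown above; the function names and the --run switch are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the newest Nanitor backup before uploading it.
# Assumption: files are named nanitor-server_backup_<YYYYmmddHHMMSS>.tgz, as in
# the file name shown on this page, so sorted order equals chronological order.

BACKUP_DIR="${BACKUP_DIR:-/var/lib/nanitor/backups}"

# Print the newest backup archive in directory $1; return 1 if there is none.
latest_backup() {
    newest=""
    for f in "$1"/nanitor-server_backup_*.tgz; do
        [ -f "$f" ] || continue   # the glob matched nothing
        newest="$f"               # globs expand sorted, so the last one is newest
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Succeed only if $1 is non-empty and lists cleanly as a gzip-compressed tar.
# A truncated archive (for example after a full partition) fails here.
archive_ok() {
    [ -s "$1" ] && tar -tzf "$1" >/dev/null 2>&1
}

# Print the SHA-256 digest of $1 (hex only, no file name).
archive_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# Report the file and digest to upload, or explain why the upload should wait.
preupload_report() {
    archive=$(latest_backup "$1") || {
        echo "no backup archive found in $1" >&2; return 1; }
    archive_ok "$archive" || {
        echo "archive is empty or unreadable: $archive" >&2; return 1; }
    echo "file:   $archive"
    echo "sha256: $(archive_sha256 "$archive")"
}

# Run the report only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    preupload_report "$BACKUP_DIR"
fi
```

Run it with sudo and the --run argument after the backup command finishes, then use the printed file name in the curl upload.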

Adjust DNS and Firewall rules

After you have the URL and IP address for your new portal, make sure you update the A record in your DNS server for the old server to point to the new IP, and that you update your firewall rules to allow all the agents and collectors to communicate with the new portal.