Transfer CFT configuration synchronization

Available on Transfer CFT 3.2.2 and higher

This section describes how to recover a Transfer CFT configuration if it is lost for any reason. To recover the configuration, you can synchronize the runtime Transfer CFT configuration with the configuration of the same Transfer CFT that was deployed on Central Governance.

Using a REST API, you pull the configuration available in Central Governance for the Transfer CFT in question and push it to the Transfer CFT. For more information on using the REST API, see Synchronize Transfer CFT configurations.

As a result, all of the Transfer CFT configuration that has the Deployed status in Central Governance is redeployed. This includes the deployed Transfer CFT's static configuration, and any deployed flows that use that specific Transfer CFT. However, configurations that do not have the Deployed status are not deployed.

Note: Transfer CFTs on z/OS (MVS) have the UCONF copilot.misc.cftstart.enable parameter set to false. This disables the Copilot-controlled Transfer CFT start and stop, because these operations are user controlled on this operating system. If you set restart=true, the synchronization is performed but, because the Transfer CFT does not allow this operation, the Transfer CFT is still not restarted. A corresponding message displays in the command output.

When multiple Transfer CFTs are synchronized using the same REST API command, the command continues until all Transfer CFTs are processed, even if the synchronization fails on one of the Transfer CFTs.

Note: Synchronization has no impact on the Transfer CFT Policy status.

Synchronization audits

The synchronization operation sends several audit events:

  • An event when the synchronization is finished on a Transfer CFT:
    • The Transfer CFT configuration for CFT_NAME finished synchronizing
  • An event when the synchronization is triggered on a Transfer CFT:
    • The Transfer CFT configuration for CFT_NAME will be synchronized
  • An event at the beginning of the operation:
    • The Transfer CFT configuration(s) will be synchronized
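
Because a multi-CFT command continues even when one Transfer CFT fails, the audit messages above are worth correlating per Transfer CFT. The following is an added example, not Axway code: it pairs each "will be synchronized" event with its "finished synchronizing" event and reports the ones left unpaired. The `timestamp | message` line layout, the CFT names and the function name are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque

# Message texts as listed on this page; CFT_NAME is the variable part.
START = re.compile(r"The Transfer CFT configuration\(s\) will be synchronized")
TRIGGERED = re.compile(r"The Transfer CFT configuration for (.+) will be synchronized")
FINISHED = re.compile(r"The Transfer CFT configuration for (.+) finished synchronizing")

# Constructed sample audit export; "<timestamp> | <message>" is an assumed layout.
SAMPLE_AUDIT = """\
2024-05-02T09:14:01Z | The Transfer CFT configuration(s) will be synchronized
2024-05-02T09:14:02Z | The Transfer CFT configuration for cft-paris will be synchronized
2024-05-02T09:14:02Z | The Transfer CFT configuration for cft-lyon will be synchronized
2024-05-02T09:14:40Z | The Transfer CFT configuration for cft-paris finished synchronizing
2024-05-02T11:30:00Z | The Transfer CFT configuration for cft-nice finished synchronizing
"""

def review_sync_audit(audit_text):
    """Pair triggered/finished events per Transfer CFT and report the leftovers."""
    operations = 0
    pending = defaultdict(deque)   # CFT name -> timestamps of unpaired triggers
    unmatched_finish = []          # finished events with no earlier trigger
    for line in audit_text.splitlines():
        ts, sep, msg = line.partition(" | ")
        if not sep:
            continue               # line is not in the assumed layout
        msg = msg.strip()
        if START.fullmatch(msg):
            operations += 1
        elif (m := TRIGGERED.fullmatch(msg)):
            pending[m.group(1)].append(ts)
        elif (m := FINISHED.fullmatch(msg)):
            cft = m.group(1)
            if pending[cft]:
                pending[cft].popleft()   # oldest trigger for this CFT is now paired
            else:
                unmatched_finish.append((cft, ts))
    never_finished = [(cft, ts) for cft, q in pending.items() for ts in q]
    return {"operations": operations,
            "never_finished": never_finished,
            "unmatched_finish": unmatched_finish}

if __name__ == "__main__":
    print(review_sync_audit(SAMPLE_AUDIT))
```

An entry in `never_finished` is a prompt to check the command output for that Transfer CFT; an entry in `unmatched_finish` suggests the audit export is incomplete for the period reviewed.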

Limitations

  • Central Governance does not retrieve private certificate keys that are stored in Transfer CFT prior to the registration. As a consequence, the corresponding certificate chains are not uploaded to Transfer CFT during the synchronization process.
  • Central Governance does not retrieve private SSH keys that are stored in Transfer CFT prior to the registration. As a consequence, the corresponding SSH keys are not uploaded to Transfer CFT during the synchronization process.
  • The SSH public keys from legacy flows are not uploaded to Transfer CFT.
  • Scripts uploaded with legacy flows using Central Governance 1.1.3 SP10 and lower cannot be restored. Therefore, synchronization for these flows cannot be completed; you must manually upload these scripts in Central Governance and redeploy these flows.
  • If there are multiple SSL flows with custom certificates between two Transfer CFTs, and these flows use different protocols, only the last flow to be deployed is fully synchronized. For all other flows, the remote Transfer CFT's custom certificates are not imported into the PKI database.

Synchronization errors

A synchronization request synchronizes every Transfer CFT configuration that does not result in an error. For any error encountered on any of the Transfer CFTs, a detailed error message is displayed.

 

 
