Migration Process and Strategies
The migration process consists of the following 5 steps:
- NSB Bringup
- User/Device Segments and Subnets
- Firewall Configuration
- Nile Portal Settings
- Device Migration and Validation
To bring up the Nile Access Service, administrators must complete the following tasks:
- Sign up for Nile Service
- Create Sites/Buildings/Floors and upload floor plans
- Identify NSB and Sensor Subnet
- Configure the uplink IP addresses
- Provide the DNS and NTP Server list
- Configure the Uplink Router or Firewall or Layer 3 Switch
- Firewall - Allow NSB and sensor subnets to communicate over HTTPS, DNS and NTP

- Identify User Subnets (e.g., Employee, Guest, Contractor, Faculty, Staff)
- Identify Device Subnets (e.g., Printers, Conference room systems, Cameras)
- Configure DHCP portals
- Configure the RADIUS server
- Configure Guest portals
The firewall must be configured to allow or deny communication between users, devices, and external resources. Here's an example:
Log in to the Nile Portal and set up the network. Please see the "settings" section, starting with Setup DHCP, for more details. Once this step is complete, the network is fully up and devices can connect to it.
- Provide DHCP server details
- Provide RADIUS server details
- Create segments for users and devices
- Create SSIDs
- Set up Access Management rules
- Sign up for alerts
- Verify users can authenticate, get an IP address, and pass traffic
- Verify devices can authenticate, get an IP address, and pass traffic
- Verify the firewall rules
- Verify the Nile SLAs
- Verify that the infrastructure (DHCP/DNS/RADIUS/Internet) is being monitored by Nile
- Verify that alerts are generated and received
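
One way to carry out the "Verify the firewall rules" step for the NSB and sensor subnets, which must reach HTTPS, DNS and NTP, is to evaluate an exported rule list against those required flows. The Python below is an added example, not Nile tooling or part of the original guide; the subnets, server addresses, rule format, standard ports (TCP 443, UDP 53, UDP 123) and the implicit default deny are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the Nile guide).
NSB_SUBNET, SENSOR_SUBNET = "10.50.0.0/24", "10.50.1.0/24"
DNS_SERVERS, NTP_SERVERS = ["10.10.0.53"], ["10.10.0.123"]
EXTERNAL_TEST_IP = "203.0.113.10"  # stand-in for an Internet HTTPS destination

# Ordered, first-match rule list in a hypothetical vendor-neutral export format.
RULES = [
    {"action": "allow", "src": "10.50.0.0/24", "dst": "0.0.0.0/0", "proto": "tcp", "port": 443},
    {"action": "allow", "src": "10.50.0.0/23", "dst": "10.10.0.53/32", "proto": "udp", "port": 53},
    {"action": "allow", "src": "10.50.0.0/24", "dst": "10.10.0.123/32", "proto": "udp", "port": 123},
    {"action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "proto": "any", "port": None},
]

def verdict(rules, src, dst, proto, port):
    """First-match verdict for a flow from a whole source subnet to one host."""
    src_net, dst_ip = ipaddress.ip_network(src), ipaddress.ip_address(dst)
    for rule in rules:
        rule_src = ipaddress.ip_network(rule["src"])
        if not rule_src.overlaps(src_net) or dst_ip not in ipaddress.ip_network(rule["dst"]):
            continue
        if rule["proto"] not in ("any", proto) or rule["port"] not in (None, port):
            continue
        if not src_net.subnet_of(rule_src):
            return "partial"  # the rule decides for only part of the subnet
        return rule["action"]
    return "deny"  # assumption: the firewall ends with an implicit deny

def required_flows():
    """Flows the NSB and sensor subnets need: HTTPS, DNS and NTP."""
    flows = []
    for name, subnet in (("NSB", NSB_SUBNET), ("sensor", SENSOR_SUBNET)):
        flows.append((name, subnet, EXTERNAL_TEST_IP, "tcp", 443))
        flows += [(name, subnet, ip, "udp", 53) for ip in DNS_SERVERS]
        flows += [(name, subnet, ip, "udp", 123) for ip in NTP_SERVERS]
    return flows

def audit(rules):
    """Return every required flow that the rule list does not fully allow."""
    return [(name, dst, proto, port, v)
            for name, subnet, dst, proto, port in required_flows()
            if (v := verdict(rules, subnet, dst, proto, port)) != "allow"]

if __name__ == "__main__":
    for finding in audit(RULES):
        print("not allowed:", finding)
```

With the constructed rules, the sensor subnet is reported as blocked for HTTPS and NTP because those allow rules name only the NSB subnet; a "partial" verdict marks a rule that covers only part of a subnet.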
There are two options to migrate a brownfield deployment to the Nile Access Service:

| | Define New Subnets | Migrate existing subnets |
|---|---|---|
| Phased Migration | Yes | No |
| Downtime | No | Yes |
| Leverage existing firewall rules | No | Yes |
| Leverage existing DHCP scopes | No | Yes |
The Define New Subnets strategy can be adopted when customers want to bring up the Nile Access Service in parallel with their existing network and perform a phased migration of the devices. The migration can be done building by building without disrupting the existing network. This approach requires creating brand-new subnets for existing devices.
As shown in the diagram, all laptops will migrate from VLAN 1 to Segment 1, printers from VLAN 2 to Segment 2, and cameras from VLAN 3 to Segment 3.
The Migrate existing subnets strategy requires removing VLANs from the existing infrastructure and leveraging the subnets on the Nile infrastructure. This strategy is best when the entire site can be migrated during a maintenance window. The primary advantage is that all devices can be migrated in one go.
As seen in the above diagram, the old network is decommissioned and the VLAN L3 SVIs are migrated from the old infrastructure to Nile.