Data Collection

As a data sources assessment utility, migVisor is aware of the sensitivity of different secured data types. Therefore, isolating migVisor from such data has been part of the design from the early stages of development.

migVisor Metadata Collector (mMC) runs a set of lightweight queries on the data source which are used to determine how the source is configured and which types of schema objects exist. The queries executed from mMC run solely on catalog and dictionary tables. For example, in an Oracle source, the migVisor Metadata Collector runs queries on v$* and dba_* tables.

mMC does not collect any application or user data. It collects only such data as types of schema objects, object names, server configuration, feature usage, and performance metrics.

The data collection process is fast (usually takes from a few seconds to a few minutes, depending on the complexity and number of objects in the source) and does not require any downtime of the source. Multiple sources can be scanned in parallel.

Types of Data Collected

The table below demonstrates which information is being collected by migVisor and which is not:

Information Type	Collected	Comments/Examples
Application/user data	No	This type of information is excluded from migVisor’s collected data for the sake of privacy and security
Source code object definition (stored procedures/functions)	No	migVisor has access to relevant tables to count how many lines of code but the total count is the information being stored and not any part of the business logic
Passwords	No	This type of information is excluded from migVisor’s collected data for the sake of privacy and security
Metadata about types of schema objects, object names	Yes	Being stored as part of the Feature detection to present where this Feature is being used in the source
DB engine proprietary features being used	Yes	Example: DBMS_RANDOM / UTL_FILE etc.
Servers names	Yes	This is an identifier for the user to recognize the server
Server’s metadata information	Yes	This type of information is needed to support Complexities, Sizing and TCO calculations
DB names	Yes	This is an identifier for the user to recognize the source
DB's metadata information	Yes	This type of information is needed to support Complexities, Sizing and TCO calculations
Performance metrics	Optional	For target sizing planning the user can choose to use performance tables while scanning

Types of Data Stored

While it is clear that the more data migVisor collects, the more insights it can provide, migVisor is designed in a way that limits the data collection only to crucial information that must be collected in order to provide meaningful insights.

Based on our SMEs' extensive hands-on experience in source administration and cloud migrations, the types of data migVisor collects are widely accepted to be “safe to share”.

With that said, to increase the level of confidence migVisor users have regarding scanning and sending collected data, mMC provides an option to scan sources and store the results in a decrypted ZIP file. This allows migVisor’s users to ensure that uploading the collected information to the migVisor console is done in a way that follows the organization's standards and procedures.

Once the data is uploaded to and stored in the user account in migVisor Web Console, migVisor will provide reports and dashboards that will help you plan the migration path most suitable for you.

Once the insights were taken into account and the assessment is over, the user can remove specific sources from the repository in the migVisor console, wipe off all data or remove the profile and all its associated data permanently.

Required Permissions

Scanning by mMC does not require dba/sys/sa or any other system/root-level access to the source. Although it is possible to use a sysdba-type user, it is not required. Instead, we provide scripts that are used to create a separate new user in the sources with specific permissions on the specific tables migVisor needs access to.

These scripts grant only read-only permissions for this user on system catalog tables and the source data dictionary tables and not on any application/user data tables.

By using the custom-created user for source access, you will know exactly which specific tables are being accessed to collect the information we need for migVisor to do the analysis and support the migration assessment.

The migVisor user creation scripts which are used by mMC, present the specific list of source tables that are accessed as part of the scan process.

Below are the GRANT statements included in migVisor’s Getting Started scripts:

DB2 LUW

Script	GRANT on	Statement(s)	Purpose
DB2 LUW	SYSMON	db2 update dbm cfg using SYSMON_GROUP mig_user	Acquire privileges to use the snapshot monitor data during calling admisitrative views.
	CONNECT	GRANT CONNECT ON DATABASE TO USER mig_user;	Acquire privileges to access the database.
	SYSDEFAULTUSERWORKLOAD	GRANT USAGE ON WORKLOAD SYSDEFAULTUSERWORKLOAD TO USER mig_user;	Acquire USAGE privilege on the SYSDEFAULTUSERWORKLOAD if database is running with RESTRICTIVE option.
	NULLID.SYSSH200	GRANT EXECUTE ON PACKAGE NULLID.SYSSH200 TO USER mig_user;	Acquire bind for CLI packages if database is running with RESTRICTIVE option.
	NULLID.SYSSH100	GRANT EXECUTE ON PACKAGE NULLID.SYSSH100 TO USER mig_user;
	NULLID.SYSSN200	GRANT EXECUTE ON PACKAGE NULLID.SYSSN200 TO USER mig_user;
	SYSPROC.*	GRANT EXECUTE ON FUNCTION SYSPROC.* TO USER mig_user;	Acquire privileges to the table functions to retrive metrics and informations about the database.
	SYSCAT.TABLES WHERE TABSCHEMA IN ('SYSIBMADM','SYSCAT','SYSTOOLS','SYSSAT')	BEGIN FOR val AS SELECT trim(TABSCHEMA) \|\| '.' \|\| trim(TABNAME) AS tableName FROM SYSCAT.TABLES WHERE TABSCHEMA IN ('SYSIBMADM','SYSCAT','SYSTOOLS','SYSSAT') DO EXECUTE IMMEDIATE 'GRANT SELECT ON ' \|\| val.tableName \|\| ' TO USER ' \|\| mig_user; END FOR; END;	Acquire privileges to the catalog and administrative views that retrieves metrics and returns the informations about the database.

MySQL

MySQL	.	GRANT PROCESS, REFERENCES, SHOW DATABASES, SHOW VIEW ON .	Acquire `PROCESS, REFERENCES, SHOW DATABASES, SHOW VIEW` privileges to get metadata about database objects, views, processes
	sys.*	GRANT SELECT ON sys.*	Acquire `SELECT` privileges on `sys x$` views in order to get database statistics
	GRANT SELECT ON performance_schema.*	GRANT SELECT ON performance_schema.*	Acquire `SELECT` privileges required to query `performance_schema` related information
	mysql.slave_master_info	GRANT SELECT ON mysql.slave_master_info	Acquire `SELECT` privileges required to query replications related information
	mysql.slave_relay_log_info	GRANT SELECT ON mysql.slave_relay_log_info	Acquire `SELECT` privileges required to query replications related information
	mysql.user	GRANT SELECT ON mysql.user	Acquire `SELECT` privileges required to query users related information
	mysql.proc	GRANT SELECT ON mysql.proc	Acquire `SELECT` privileges required to query stored procedures related information
	.	GRANT SHOW_ROUTINE ON * .*	Acquire `SELECT` privileges required to query stored procedures related information
	.	GRANT EVENT ON . TO	Acquire `SELECT` privileges required to query event objects related information
	.	GRANT TRIGGER ON . TO	Acquire `SELECT` privileges required to query trigger objects related information

Oracle

Script	GRANT on	Statement(s)	Purpose
Oracle	SYS.OBJ$	GRANT SELECT ON SYS.OBJ$ TO mig_user;	Acquire `SELECT` privilege to list all objects in the database.
	SYS.USER$	GRANT SELECT ON SYS.USER$ TO mig_user;	Acquire `SELECT` privilege to list all users in the database.
	SYS.PROCEDUREINFO$	GRANT SELECT ON sys.procedureinfo$ TO mig_user;	Acquire `SELECT` privilege to list all PL/SQL objects in the database.
	CREATE SESSION	GRANT CREATE SESSION TO mig_user;	Acquire `CREATE SESSION` privileges to create a connection to the database
	SELECT_CATALOG_ROLE	GRANT SELECT_CATALOG_ROLE TO mig_user;	Acquire `SELECT` privileges on data dictionary views
Oracle (CDB Common User)	CREATE SESSION	GRANT CREATE SESSION TO c##mig_comm_user;	Acquire `CREATE SESSION` privileges to create a connection to the database
Oracle (CDB Common User)	SELECT_CATALOG_ROLE	GRANT SELECT_CATALOG_ROLE TO c##mig_comm_user;	Acquire `SELECT` privileges on data dictionary views

PostgreSQL

Script	GRANT on	Statement(s)	Purpose
PostgreSQL	REFERENCES ON all tables IN SCHEMA public	GRANT REFERENCES ON all tables IN SCHEMA public TO mig_user;	Acquire `REFERENCES` privileges to get information about tables metadata
	SELECT ON pg_catalog.pg_config	GRANT SELECT ON pg_catalog.pg_config TO mig_user;	Acquire `SELECT` privileges on catalog views to get information about database configuration settings
	EXECUTE ON FUNCTION pg_catalog.pg_config	GRANT EXECUTE ON FUNCTION pg_catalog.pg_config TO mig_user;	Acquire `EXECUTE` privileges on the read-only `pg_catalog.pg_config` function to get information about database configuration settings
	pg_catalog.pg_proc	GRANT SELECT ON pg_catalog.pg_proc TO mig_user;	Acquire `SELECT` privileges on catalog views to get information about functions and procedures
	pg_catalog.pg_namespace	GRANT SELECT ON pg_catalog.pg_namespace TO mig_user;	Acquire `SELECT` privileges on catalog views to get namespaces information
	pg_catalog.pg_hba_file_rules	GRANT SELECT ON pg_catalog.pg_hba_file_rules TO mig_user;	Acquire `SELECT` privileges on catalog views to identify connection authentication settings (e.g. md5, ssl, etc.)
	pg_catalog.pg_roles	GRANT SELECT ON pg_catalog.pg_roles TO mig_user;	Acquire `SELECT` privileges on catalog views to get information about database roles

SQL Server

Script	GRANT on	Statement(s)	Purpose
SQL Server	VIEW SERVER STATE	GRANT VIEW SERVER STATE TO mig_user	Acquire `VIEW SERVER STATE` privileges to view Dynamic Management Objects information
	VIEW ANY DEFINITION	GRANT VIEW ANY DEFINITION TO mig_user	Acquire `VIEW ANY DEFINITION` privileges to view various database objects definitions (DDLs) such as view, stored procedures, triggers, functions and indexes
	SELECT ON dbo.sysaltfiles	GRANT SELECT ON dbo.sysaltfiles TO mig_user	Acquire `SELECT` privileges on database files related information (Required for SQL Server 2000 only)

mMC Connection Details

To establish a connection to sources to be scanned, the mMC saves the connection details provided by the user in a dedicated file per DB Engine, called dbConfig_<DB_ENGINE>.txt e.g. dbConfig_oracle.txt.

Source Credentials

Among other connection properties, mMC requires credentials for authentication purposes while connecting to the source engines.

mMC encompasses an encryption mechanism that makes sure that these credentials are written encrypted to the dbConfig file.

If the user manually edits the dbConfig file and updates the password field in one or more of the connection strings saved in the file to include a password in clear text, upon loading of the mMC, these passwords are encrypted automatically and replace the ones saved in clear text by the user.