Migrating from Artifactory To ProGet

2 weeks ago
Ty Reid
6 minutes
Migrating from Artifactory to ProGet
Step-by-Step Guide & Best Practices
Overview
Repositories
Packages
Docker Containers
Self-Managing
Users and Security
Vulnerabilities
Curation
Licenses
Metadata
API Keys
Replication
Backup and Restore
Retention Policies
  • Summary
  • About the Author

    • Migrating from Artifactory To ProGet

    Migrating from JFrog’s Artifactory to Inedo’s ProGet isn’t just about moving your data from one to the other. While both are private package repository managers, they are different enough that migrating will require careful planning to avoid any issues or disruptions. You will also need to adapt to differences in tools, frameworks and practices.

    This doesn’t need to be difficult though. “Migrating from Artifactory to ProGet” will steer you through your migration and facilitate a smooth transition. This guide will outline necessary steps and best practices, ensuring your migration is a successful one!

    Overview of Artifactory and ProGet

    Artifactory and ProGet are both repositories that manage and organize binaries and dependencies. They serve similar purposes, but differ in the implementation of their features and framework.

    JFrog calls Artifactory a “universal artifact repository” that manages file types and uses “repositories” to store artifacts. ProGet on the other hand is a “package repository” that manages packages such as NuGet, npm and PyPI, using “Feeds” (repositories in ProGet) to store these packages.

    Repositories in Artifactory and package feeds in ProGet serve the same purpose but use different file management. Artifactory “artifacts” can be any type of file (.tgz, .jar, etc). The artifact server understands the individual file type properties, but you have to configure rules for any uploaded files to enforce naming conventions and file scans.

    ProGet takes the packages approach. Packages have standard-defined formats like NuGet, npm, etc. They are segregated into their own feeds, giving you more control over code entering or leaving different feeds.

    Docker Image Container Registries

    When it comes to Docker containers, both Artifactory and ProGet act as private Docker registries. ProGet’s feeds can host Docker repositories, which in turn store Docker images.

    Getting Started with ProGet

    Before migration, you’ll need to assess your current Artifactory setup. Take note of:

    Users and groups: The permissions assigned to your users and groups

    Repositories: The repositories you have, and the artifacts they store

    Builds: Any builds you have and their configuration

    License and vulnerability policies: The “Policies” and “Watches” you have set up

    Replication: If configured, the nodes that are currently set up.

    I also recommended creating a migration plan. Set your migration priorities, establish a timeline and prepare for contingencies to minimize any downtime or disruption.

    Now you should be ready to install ProGet. This can be done easily via InedoHub or using Docker for Linux, and can be installed either as a single node or in High Availability.

    Migrating Your Environment

    Now ProGet is up and running, you’ll want to start migrating your Artifactory environment over.

    I recommend starting with your users and groups, and their associated permissions. Like Artifactory, ProGet uses “users”, “groups” and “permissions” to configure access and security. Migrating your Artifactory user base should be quite easy, especially if you’re using LDAP to migrate Active Directory.

    You should also set up any policies you have for vulnerabilities. Similarly to JFrog’s Xray and Curation, ProGet has Software Composition Analysis (SCA) out of the box, scanning packages for vulnerabilities and license information. ProGet categorizes vulnerabilities based on an organizational risk profile you configure, telling you how urgently remediation is needed in your unique environment, automatically assessing vulnerabilities to contain non-compliant packages and prevent them from use.

    You can also configure these policies to manage the licenses of packages used in your projects.

    One last thing you may need to do is create any builds you have in Artifactory by exporting the SBOM and then uploading it in ProGet.

    Maintaining Your ProGet Instance

    You may have automation or workflows in your organization to configure in ProGet. If you’re using API keys for access and automation, you’ll need to set these up. Luckily it’s easy to carry over your current API keys in ProGet.

    Large organizations may also be using replication for edge locations of federated development. This is also straightforward to set up, and can be easily done through the UI.

    While using ProGet it’s important to configure it to keep everything running smoothly, such as setting measures for data security. ProGet has ways to back up and restore, and also and also offers data retention policies and storage solutions.

    Migrating to ProGet Made Easy

    When migrating from Artifactory to ProGet you’ll need to plan ahead and take stock of your repositories, users and other settings. However, migrating doesn’t need to be a struggle. Following each article in this series you’ll understand how everything works in terms you’ll understand as an Artifactory user, making your migration smooth and stress-free. Good luck!

    Leave a Reply0

    Your email address will not be published.