uDocs Unicon™

Migration from IGEL OS 11 or Stratodesk NoTouch OS to eLux 7

February 27, 2026

Contributed by:

Migration from IGEL OS 11 or Stratodesk NoTouch OS to eLux® 7

Overview

The igel2elux migration tool enables automated migration of endpoints running IGEL OS 11 or Stratodesk NoTouch OS to eLux 7.

The migration installs eLux directly on the device by creating a temporary recovery environment from which the operating system is deployed.

The migration can be executed:

Centrally through IGEL Universal Management Suite (UMS)
Through Stratodesk NoTouch Center
Locally or from a network location

After migration, the device boots directly into eLux 7.

How the migration works

The migration script must be executed on the device that needs to be migrated, when the migration script is executed:

A temporary recovery partition is created on the local disk.
Migration files are copied to the partition.
The device restarts automatically.
eLux 7 is installed using the specified Image Definition File (IDF).
The device boots into eLux.
Optional onboarding to Scout can occur automatically.

Requirements

Device requirements

Device must boot using UEFI
Legacy BIOS mode is not supported
Network connectivity must be available during migration
Sufficient disk space must exist for the recovery partition

Important:

Devices not booted in UEFI mode cannot be migrated.

Software requirements

Sign in to myelux.com.
Navigate to:

Products & Downloads > Tools > Migration tools
Download the latest igel2elux.zip package.

Perform the migration

Extract the migration tool

From the device to be migrated, unzip the provided migration tool package to a known location on the computer:

unzip igel2elux-<version>.zip -d /tmp/migration_tool
<!--NeedCopy-->

In the above example, /tmp/migration_tool is used as the working directory. The following steps in this article assume all commands are executed from this directory.

Set execute permissions for igel2elux.sh

Simply having the migration script on the device is not sufficient. The script must have executable permissions before it can be run.

After uploading the igel2elux.sh script to the device, set the correct permissions using the following command:

chmod +x igel2elux.sh
<!--NeedCopy-->

Run the migration script

Execute the script:

./igel2elux.sh --url <IDF_URL>
<!--NeedCopy-->

Example:

./igel2elux.sh --url https://repository.example.com/elux/image.idf
<!--NeedCopy-->

The device restarts automatically and begins installation.

Tip:

When executing the migration from IGEL Universal Management Suite (UMS), ensure that read, write, and execute permissions are assigned to both the owner and others for the igel2elux.sh file.

igel2elux.sh command line reference

Usage: igel2elux.sh [--url <URL>] [--proxy <proxy>] [--port <proxyport>] [--archive <URL | local path>] [--noreboot] [--log <logfile>] [–-debug]

Parameter	Description
`--url <URL>`	Define to the relevant software container and the image definition file (IDF) which specifies the scope of the installation
`--proxy <proxy>`	Defines a proxy server
`--port <port>`	Defines the port of the proxy server
`--log <logfile>`	Defines a storage path for the log file. By default, the log file is saved in the same directory as the win2elux tool.
`--noreboot`	Does not restart the system after installation of the recovery image and the boot loader.
`--debug`	writes debug information in `/tmp/`.
`--archive`	Path to igel2elux.zip (URL or local path)

Advanced configuration using RAM disk

A RAM disk configuration can be used when additional configuration is required during migration, such as:

IEEE 802.1X authentication to initiate the first connection to the network during the migration process.
HTTPS repositories requiring certificate trust.
Zero-touch onboarding to Scout Server and Scout Cloud Gateway.

The configuration is provided as a RAM disk archive that must be named 8021conf.xz and included inside the migration package. This archive contains the required configuration for the migration process and is loaded into memory during execution for temporary use by the migration tool. The RAM disk is created as a cpio archive compressed with XZ and must be generated on a Linux-compatible system.

Tip:

You can create the directory structure for each configuration, by extract the example archive 8021conf.xz from the working folder using the following commands.

# mkdir conf && cd conf && xz -cd ../8021conf.xz | cpio -iv
<!--NeedCopy-->

After executing the command above, the directory structure will be created under the conf folder.

Configuring 802.1X authentication for migration

This configuration allows the administrator to initiate device migration when connecting to a network that enforces 802.1X authentication. During the migration process, the device uses a generic certificate, defined in the wpa.conf file, to establish the initial network connection.

After the migration is completed, the device receives a configuration from the Scout Server that defines how it should connect going forward. The device then reconnects to the network using a device-specific certificate and configuration defined in wpa.conf.elux, enabling access to the Scout Server and retrieval of the initial configuration.

Note SCEP use cases:

If SCEP certificate support is required during migration to replace the generic certificate used in the migration process, the custom_scep_renew-1.1.0-1.UC_ELUX7-1.0.zip package must be included to enable the SCEP request. Note:

Only include 802.1X configuration when required. Including it on a migration that will connect to a non-802.1X networks will cause migration failure.

Create the following directory structure with the required files:

.
├── etc
│   └── wpa_supplicant
│       ├── client.key
│       ├── client.pem
│       ├── serverca.key
│       ├── serverca.pem
│       ├── serverca.sig
│       ├── wpa.conf
│       └── wpa.conf.elux
<!--NeedCopy-->

certificate files used by the migration tool to connect to the 802.1x network. The certificates used during and after migration must have the same filename.
wpa.conf is used during migration process.
wpa.conf.elux is applied after the migration to enable eLux to reach the Scout server.

Example configuration for wpa.conf:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=0
network={
    key_mgmt=IEEE8021X
    eapol_flags=0
    eap=TLS
    identity="eLuxMigration"
    ca_cert="/etc/wpa_supplicant/serverca.pem"
    client_cert="/etc/wpa_supplicant/client.pem"
    private_key="/etc/wpa_supplicant/client.key"
    private_key_passwd="PASSWORD_HERE"
}
<!--NeedCopy-->

Example configuration for wpa.conf.elux:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=0
network={
    key_mgmt=IEEE8021X
    eapol_flags=0
    eap=TLS
    identity="eLuxMigration"
    ca_cert="/setup/cacerts/scep/serverca.pem"
    client_cert="/setup/cacerts/scep/client.pem"
    private_key="/setup/cacerts/scep/client.key"
    private_key_passwd="PASSWORD_HERE"
}
<!--NeedCopy-->

After sucessfully migrate the device, the client and server certificates defined above will be deleted from the device.

Adding SSL certificates for migration

This configuration allows the migration tool to trust the web server hosting the IDF image used to prepare the device during migration. If the web server is not trusted, the migration process will fail when attempting to access the website to download the required packages.

To establish HTTPS trust during the migration process, create the following directory structure and add the web server’s root certificate.

.
├── etc
│   └── ssl
│       └── certs
│           ├── sslrootcertificate.pem
<!--NeedCopy-->

Enabling zero-touch onboarding

This configuration automatically onboards the device to the Scout Server or Scout Cloud Gateway, eliminating the need for users to manually enter the server URL and token during the onboarding process.

Create the json file and save as zero_touch_onboarding.json under the following structure:

.
├── user
│   └── setup
│       └── elux
│           ├── zero_touch_onboarding.json
<!--NeedCopy-->

Example of zero_touch_onboarding.json file for onboarding through SCG:

{
  "scgUrl": "scg.example.com",
  "scgToken": "onboarding-token"
}
<!--NeedCopy-->

Example of zero_touch_onboarding.json file for onboarding through Scout Server:

{
  "scgUrl": "scout-server.example.com",
  "scgToken": ""
}
<!--NeedCopy-->

Note:

This configuration applies only to onboarding initiated through the migration tool. After a factory reset, the device will not automatically trigger onboarding again.

Create the RAM disk configuration archive

Generate the RAM disk archive:

./initrd-xz.sh <conf-folder> 8021conf.xz
<!--NeedCopy-->

Example:

./initrd-xz.sh /tmp/migration_tool/conf 8021conf.xz
<!--NeedCopy-->

Tip: (Optional)

In case you can check the content of the 8021conf.xz file, execute the following command: bash xz -dc 8021conf.xz

Add it to the migration package:

zip igel2elux.zip 8021conf.xz
<!--NeedCopy-->

Running the migration script with RAM disk package

Execute the script:

./igel2elux.sh --url <IDF_URL> --archive <igel2elux.zip path or URL>
<!--NeedCopy-->

Example:

./igel2elux.sh --url https://repository.example.com/elux/image.idf --archive igel2elux.zip
<!--NeedCopy-->

The device restarts automatically and begins installation.

Debugging

When calling the igel2elux script to perform the migration, you can enable the debugging by adding the --debug parameter. In case the migration fails due to 802.1X issues, you will be dropped into a debug shell and check for the log file /tmp/wpasupplicant.log for more details and any other log file under /tmp/*.

./igel2elux.sh --debug
<!--NeedCopy-->

Logs are written to:

/tmp/

Example log:

/tmp/wpasupplicant.log

Use debug logs to diagnose:

Network authentication failures
Download issues
Migration interruptions

Result of migration

After successful migration:

eLux replaces the existing operating system.
Temporary migration files are removed, including certificates used for 802.1x authentication when configured.
The device boots directly into eLux.
The device can automatically onboard to Scout if configured.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Migration from IGEL OS 11 or Stratodesk NoTouch OS to eLux 7

February 27, 2026

Contributed by:

February 27, 2026

Contributed by:

Migration from IGEL OS 11 or Stratodesk NoTouch OS to eLux® 7
Overview
How the migration works
Requirements
Perform the migration
igel2elux.sh command line reference
Advanced configuration using RAM disk
Create the RAM disk configuration archive
Running the migration script with RAM disk package
Debugging
Result of migration

Was this helpful

Migration from IGEL OS 11 or Stratodesk NoTouch OS to eLux 7