-
Notifications
You must be signed in to change notification settings - Fork 14
Architecture Overview
Simone Martorelli edited this page Mar 4, 2026
·
3 revisions
IBM Data Shift is a native macOS application built with SwiftUI that enables secure, peer-to-peer migration of files, applications, and preferences between Mac devices. This document provides an architectural overview for developers, technical administrators, and anyone interested in understanding how the application works.
┌─────────────────────────────────────────────────────────────────┐
│ GitHub Repository │
│ (Source Code & Releases) │
└──────────────────────────────┬──────────────────────────────────┘
│ Download / Updates
▼
┌─────────────────────────────────────────────────────────────────┐
│ macOS Device │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ IBM Data Shift (SwiftUI Native App) │ │
│ │─────────────────────────────────────────────────────────│ │
│ │ - Runs entirely locally on macOS │ │
│ │ - No external servers required │ │
│ │ - Open-source executable │ │
│ │ - Peer-to-peer network architecture │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
║
║ Encrypted Peer-to-Peer Network
║ (Bonjour Discovery + TLS 1.2+ PSK)
║
┌──────────────────────────────▼───────────────────────────────────┐
│ Second macOS Device │
│ (Source or Destination Device) │
│ │
│ - Same IBM Data Shift app running in opposite mode │
│ - Direct peer-to-peer connection via local network │
│ - TLS-encrypted data transfer (AES-256-GCM) │
│ - Passcode-authenticated connection │
│ - No internet or external servers required │
│ │
└──────────────────────────────────────────────────────────────────┘
Components:
- MigratorApp (SwiftUI): App lifecycle management, window configuration, menu commands
- MainView (SwiftUI): Page navigation controller and migration workflow orchestration
- AppContext: Configuration management, UserDefaults integration, MDM profile settings
Responsibilities:
- Managing the application lifecycle
- Coordinating the migration workflow
- Handling user interface navigation
- Managing configuration and preferences
Key Controllers:
MigrationController (Singleton)
- Central migration orchestration
- State management (discovery → completion)
- Operating mode management (server/browser)
- Progress tracking and reporting
Network Controllers
- NetworkServer: Listener, Bonjour service, passcode authentication
- NetworkBrowser: Discovery, Bonjour browsing, peer-to-peer discovery
- NetworkConnection: Data transfer, framing protocol, protocol handling
Other Controllers
- ArchitectureDetector: Checks application compatibility (Intel vs. Apple Silicon)
- DeviceManagementHelper: Verifies MDM enrollment status
- JamfReconManager: Manages Jamf inventory updates
- MigrationReportController: Generates migration reports
TLS 1.2+ with Pre-Shared Key (PSK)
- Passcode-derived symmetric key (CryptoKit)
- HMAC-SHA384 authentication
- TLS_PSK_WITH_AES_256_GCM_SHA384 cipher
- Build-unique PSK identity
- All data transfer encrypted end-to-end
- No certificates or PKI required
For detailed security information, see the Security Architecture page.
Core Models:
- MigrationItem: Represents items to be migrated
- MigrationOption: Migration mode selection (Lite, Complete, Advanced)
- MigratorFile: File metadata and attributes
- DiscoveredApplication: Application information and compatibility
- MigratorPage: Page navigation state
Network Protocol Models:
- MigratorNetworkProtocol: Custom protocol implementation
- MigratorMessageType: Message type enumeration
- DeviceInfoMessage: Device information exchange
- FileMessage: File data transfer
- DefaultsMessage: User defaults transfer
- SymbolicLinkMessage: Symbolic link handling
Device Management Models:
- ManagedEnvironment: MDM environment configuration
- DeviceManagementState: Device management status
Migration Workflow Views:
- WelcomeView: Initial screen with device role selection
- BrowserView: Discover source device (on destination)
- ServerView: Wait for connection (on source)
- CodeVerificationView: Passcode entry
- MigrationSetupView: Select migration options
- RecapView: Migration summary (optional)
- MigrationView: Migration progress
- AppleIDView: Apple ID login check (optional)
- JamfReconView: Inventory update (optional)
- RebootView: Reboot countdown (optional)
- FinalView: Completion screen
Common UI Components:
- CardButton, CustomAlertView, MigratorFileView
- DeviceListRow, ScrollingTextView
- CustomizableIconView (v1.3.0+)
IBM Data Shift uses a direct peer-to-peer connection model:
- No Central Server: Devices communicate directly without intermediary servers
- Local Network: Discovery and transfer occur on the local network
- Bonjour/mDNS: Service discovery using Apple's Bonjour protocol
- Multiple Transports: Supports both Wi-Fi and Thunderbolt connections
Lite Migration
- Desktop and Documents folders only
- Fast and simple
- Ideal for basic data transfer
Complete Migration
- All applications
- User preferences
- Entire User folder (excluding most of Library)
- Application Support and Preferences from Library
- Comprehensive migration experience
Advanced Selection
- Manual selection of files and applications
- Fine-grained control
- User preferences and Application Support not migrated for selected apps
- Automatic detection of application architecture (Intel vs. Apple Silicon)
- Warns users about incompatible applications
- Options to ignore, review, or migrate anyway
- Prevents issues with architecture-specific applications
Compile-Time Configuration:
- Defined in
AppContext.swift - Requires recompilation to change
- Includes default values and fallbacks
Runtime Configuration:
- Deployed via MDM configuration profiles
- UserDefaults-based settings
- Can be updated without recompiling
- Supports organization-specific customization
- Foundation: File operations and system APIs
- Network: Bonjour, peer-to-peer networking
- AppKit: System integration and native UI elements
- SwiftUI: Modern declarative UI framework
- Combine: Reactive programming for state management
- CryptoKit: Cryptographic operations
- FileManager: File system access and operations
- UserDefaults: Preferences and configuration
- Bonjour/mDNS: Service discovery
- Network.framework: Peer-to-peer connections
- Launch Agents: Post-reboot app restart (when needed)
- Jamf Pro: Inventory updates via recon
- Configuration Profiles: Custom settings deployment
- Managed Preferences: Organization-specific configuration
- PPPC Profiles: Privacy permissions management
- User launches app on both devices
- User selects device role (old/new)
- New device starts NetworkServer (listener)
- Old device starts NetworkBrowser (discovery)
- Bonjour advertises/discovers services
- User selects target device from list
- User enters passcode from new device
- PSK derived from passcode
- TLS connection established
- Devices exchange information
- Connection verified and ready
- User selects migration mode
- App scans source device for files/apps
- Architecture compatibility check (v1.4.0+)
- User reviews and confirms selection
- Files transferred over encrypted connection
- Progress tracked on both devices
- Completion verified
- Apple ID login check (optional)
- System reboot (for Complete migration)
- Jamf inventory update (optional)
- Migration report generation (optional)
- Completion screen
- App name and bundle identifier
- App icons and page icons
- Organization name
- Copyright information
- MDM environment checking
- Post-migration steps (Apple ID, Jamf recon)
- Migration summary page visibility
- Terms & Conditions acceptance
- URL exclusion list (with regex support v1.4.0+)
- Explicit allow list (with regex support v1.4.0+)
- Excluded file extensions
- Excluded file prefixes
- Duplicate file handling policy
- Custom page icons (v1.3.0+)
- Welcome page information display
- Legal document links (T&C, Privacy Policy, Third Party Notices)
For complete customization options, see the App Custom Settings guide.
- 90-95% reduction in RAM usage compared to v1.1.x
- Optimized file discovery algorithms
- Efficient memory management for large migrations
- TCP keepalive for connection stability
- No delay option for reduced latency
- Retry logic with exponential backoff
- Timeout protection for operations
- Streaming file transfer (no full file buffering)
- Efficient file attribute preservation
- Optimized file parser
- Parallel processing where applicable
IBM Data Shift uses GYB (Generate Your Boilerplate) for build-time code generation:
- BuildIdentity.generated.swift.gyb: Generates unique PSK identity per build
- Ensures build isolation and security
- Executed during Xcode build process
- Xcode Unit Tests
- UI Tests
- SwiftLint for code quality
- Pre-commit hooks for code standards
- Archive in Xcode
- Sign with Developer ID Application certificate
- Submit to Apple notarization service
- Export notarized app
- Distribute via MDM or other channels
For detailed distribution instructions, see Sign, Notarize and Distribute the App.
- Security Architecture - Detailed security implementation
- How to Use IBM Data Shift - User guide
- App Custom Settings - Configuration options
- How to Rebrand the App - Customization guide
- PPPC Configuration - Permission setup
For developers and contributors:
- CONTRIBUTING.md - Contribution guidelines
- MAINTAINERS.md - Project maintainers
- CHANGELOG.md - Version history
- Architecture Diagram - Detailed ASCII diagram
Last Updated: 2026-02-20
Document Version: 1.0
Based on IBM Data Shift v1.4.0