Previous Topic: Troubleshooting: CA SiteMinder Installation FailsNext Topic: Upgrade the CA Identity Management Server

Upgrade GuideHow to Upgrade CA CloudMinderUpgrade the CA Secure Proxy Server

Upgrade the CA Secure Proxy Server

After you upgrade the CA SiteMinder Policy Server, upgrade the CA Secure Proxy Server.

Follow these steps:

  1. Verify that a backup of the /tmp/properties.sh file from the previous version exists.
  2. SSH into the machine to be upgraded.
  3. Set the following property in the properties.sh:

    Set # Host Configuration Object to match the _hco_name_ value set in the SiteMinder Policy Server.

    _hco_name=DefaultHostSettings; export _hco_name
  4. Unzip the new kit, for the machine being upgraded into the root file system folder: 
    cd / 

    unzip -o CAM-SPS_kit-version.zip
  5. Update the tmp/properties.sh file in the kit with information from the backup version of properties.sh:
    1. Diff the original properties.sh file and the temp/properties file by entering the following command: 
      diff /serverkit/properties.sh /tmp/properties.sh
    2. Make appropriate changes to the /tmp/properties.sh file as required.
  6. Run the upgrade by running the following commands:

Note: If this directory has a file named upgradeBackupList.sh, it will have an environment variable named BACKUP_LIST. This variable is an array of file names that will be backed up before the upgrade, and then restored after the upgrade. You may add or remove file names from this list as necessary.

cd /opt/CA/saas/repo/application/

./appliance_local.sh   config

Note: If your internal and external hostnames are different from SPS, you must set redirectrewritablehostnames="internalname.ca.com, externalname.ca.com" in /opt/CA/secure-proxy/proxy-engine/conf/server.conf.

7. Repeat steps 1-6 for each Secure Proxy Serve node.

8. Restart the CA Secure Proxy Server using the following commands:

service s98sps stop

service s98sps start

Upgrade Verification

  1. Putty to the CA Secure Proxy Server ensure services are running.
  2. Enter the following command: 
    ps -ef|grep httpd

    You should see a message similar to the following:

    /opt/CA/secure-proxy/httpd/bin/httpd -d /opt/CA/secure-proxy/httpd -k start

  3. Verify you can log into a tenant environment through the Secure Proxy Server. If you cannot log into a tenant environment, restart the Secure Proxy Server as follows: 
    service s98sps stop

    service s98sps start