Installation and Upgrade Guides › SiteMinder Upgrade Guide › Upgrading from CA SiteMinder® r6.x › Migration Considerations
Migration Considerations
If you are migrating from r6.x, consider the following before beginning the migration.
Policy Server Option Pack Support
Policy Server Option Pack (PSOP) features are part of the core Policy Server functionality. Consider the following if you are migrating an r6.x environment that uses PSOP features:
- The PSOP no longer requires a separate upgrade.
- The Policy Server installer backs up the PSOP configuration files and uninstalls the PSOP during the Policy Server upgrade.
- The Policy Server installer installs the latest version of the PSOP during the Policy Server upgrade.
Note: For more information about migrating an r6.x environment that uses PSOP features, see How to Migrate from r6.x.
Crystal Reports in 12.x
The 12.51 Policy Server installer no longer includes the reports files (.rpt) that are compatible with Crystal Reports 9.0. CA SiteMinder® reports are now integrated with the 12.51 Administrative UI. A separate installer is available to install the Report Server. The Report Server is required to schedule and view reports, including the reports available to you in r6.x.
Consider the following:
- You can continue to use the report files with a Crystal Reports server to schedule and view reports during the migration. An 12.51 Policy Server can communicate with an r6.x audit logs database.
- The Policy Server upgrade removes the r6.x reports data source. Create a backup of the r6.x reports data source.
- The last step in the migration is to install the Administrative UI and discontinue use of the r6.x Policy Server User Interface. Once you have completed the migration, you cannot access the report files. Additionally, you cannot access reports that were created using the reports files from the r6.x Policy Server User Interface. If you require access to these reports, we recommend backing them up before discontinuing use of the r6.x Policy Server User Interface.
- You can schedule and view reports that were available to you in r6.x using the 12.51 Administrative UI.
Note: For more information about installing the Report Server, see the Policy Server Installation Guide. For more information about scheduling and viewing reports, see the Policy Server Administration Guide.
Administrator Authentication
This release replaces the Policy Server User interface with the CA SiteMinder® Administrative UI.
By default, the Administrative UI:
Configure an external administrator store connection to:
Certificate Data Management
The certificate data store is replacing the CA SiteMinder® key database (smkeydatabase). If you have one or more smkeydatabases deployed in your environment, consider the following items:
- The certificate data store is collocated with the 12.51 policy store. A single certificate data store replaces the need for an individual smkeydatabase instance on each Policy Server host system.
- As part of a Policy Server upgrade, all smkeydatabase content is automatically backed up and migrated to the certificate data store.
- A 12.51 Policy Server can only communicate with a certificate data store. A 12.51 Policy Server and the respective local smkeydatabase do not operate in compatibility mode. However, all Policy Servers that have not been upgraded continue to communicate with their local version of the smkeydatabase.
Important! If the migration of the smkeydatabase fails, do not return the Policy Server to the environment. Returning the Policy Server after a failed migration causes all transactions that require the certificate data to fail.
- Synchronize all smkeydatabase instances before beginning the migration. Synchronizing all instances helps avoid data collisions. Data collisions prevent a successful migration.
- All Policy Servers that share a common view into the same policy store have access to the same keys, certificates, and certificate revocation lists (CRL).
- The purpose of the certificate data store remains unchanged from the purpose of the smkeydatabase. This store makes the following available to the CA SiteMinder® environment:
- Certificate authority (CA) certificates
- Public and private keys
- Certificate revocation lists
- You can continue to use the CA SiteMinder® key tool to manage the certificate data store. However, several options are deprecated.
Note: For more information, see the Policy Server Release Notes.
- If a CRL is stored in an LDAP directory service, consider the following items:
- CA SiteMinder® no longer requires that the issuer of the CRL is the same CA that issued the corresponding root certificate.
- CA SiteMinder® no longer performs this check. This behavior is consistent with the requirements for a text–based CRL.
Federation Integration
This release replaces the Policy Server User Interface with the Administrative UI. If you were managing Federation Security Services, this functionality is referred to as legacy federation.
The Administrative UI also includes partnership federation. This functionality is specific to the partnership–based federation that CA SiteMinder Federation makes available.
Single Sign–on
You can maintain single sign–on during the migration to 12.51. Consider the following:
- An 12.51 Policy Server can communicate with an r6.x policy store and an r6.x key store.
- An 12.51 Policy Server can communicate with an r6.x session store.
Avoid Policy Store Corruption
To avoid possible policy store corruption, be sure that the server that is hosting policy store is configured to store objects in UTF-8 form.
Note: For more information about configuring your server to store objects in UTF-8 form, see your vendor–specific documentation.
Advanced Password Services
If you have deployed Advanced Password Services, a Policy Server upgrade retains all LANG (translation), CFG (configuration), and mail files. The default 12.51 versions of the files are installed to siteminder_home\samples.
- siteminder_home
-
Specifies the Policy Server installation path.
Copyright © 2015 CA Technologies.
All rights reserved.
|
|