Previous Topic: Upgrade PathsNext Topic: How to Plan a Parallel Upgrade


How to Plan a Migration

Migrating a complex CA SiteMinder® environment involves many component upgrades before the environment is upgraded. A migration strategy is critical so that the migration is completed efficiently and without exposing sensitive resources to security risks or downtime.

A migration strategy can consist of the following:

Review the Policy Server Release Notes

The Policy Server Release Notes includes installation and upgrade considerations. We recommend that you review this material before beginning a migration.

More information:

Installation and Upgrade Considerations

Analyze Your SiteMinder Environment

Analyze your CA SiteMinder® environment to determine the complexity of your migration. Consider the following questions:

Question

Recommendation

How many Policy Server and Agents running in your environment?

Use the Policy Server audit logs to determine the number.

What are the versions of the Policy Server and Agents?

Use the Policy Server audit logs to determine the versions.

Which Policy Servers are communicating with which Web Agents?

Use the Policy Server audit logs to determine this information.

What time of day do you encounter the least traffic at each site?

Review your web server logs and the Policy Server audit logs.

Are your Web Agents working in failover or round robin mode?

To maintain failover and round robin, refer to Mixed CA SiteMinder® Environments.

Are you using single sign–on across the CA SiteMinder® environment?

See this guide for more information about maintaining single sign–on.

Are you using credential collectors for authentication schemes?

See the Web Agent Configuration Guide for more information about using credential collectors in a mixed environment.

Does 12.52 SP1 support your third–party hardware and software?

See the CA SiteMinder® 12.52 SP1 Platform Support Matrix on the Technical Support Site.

Do you have CA SiteMinder® software that Professional Services customized?

Contact Customer Support for instructions.

Do you have access to previous versions of CA SiteMinder® documentation? This guide refers to the previous CA SiteMinder® documentation.

Locate the CA SiteMinder® documentation on the Technical Support Site.

Do you have any customized files that can be overwritten by the upgrade?

Back up customized files before beginning the migration.

The following figure shows CA SiteMinder® components to consider before upgrading:

Graphic showing the Client side and Server side components of SiteMinder

Plan a Recovery Strategy

Implement a recovery plan that lets you recover your original configuration. You cannot revert from a component upgrade or a migration.

Important! The most complete recovery plan is to back up entire image of each Policy Server and Web Agent host. We recommend this method.

If you do not want to back up the entire image of each system, complete the following steps:

More information:

Locate the Installation Media

Mixed SiteMinder Environments

As you migrate to 12.52 SP1, your environment can contain a combination of CA SiteMinder® components at different versions. In addition, you do not have to upgrade all of your components to 12.52 SP1. You can leave some components at the current version. Consider the following items:

Use Mixed-Mode Support

Mixed–mode support lets an 12.52 SP1 Policy Server communicate with an r6.x or an r12.x policy store during a migration. When you upgrade a Policy Server, the Policy Server installer detects that policy store version.

If the policy store is operating at a previous version, the installer upgrades the Policy Server and enables mixed (compatibility) mode. You cannot disable mixed–mode support.

The Policy Server Management Console lets you see what policy store version the 12.52 SP1 Policy Server is using.

Follow these steps:

  1. Start the Policy Server Management Console.
  2. Click the Data tab.
  3. Select Help, About to view the Policy Server version.

    Note: The policy store version is also listed. The policy store version does not match the Policy Server version.

6.x Mixed Mode Support

Consider the following items when migrating from r6.x to 12.52 SP1:

The following figure details r6.x mixed–mode support:

Graphic showing an r6.x common key store deployment

Limitations of a 6.x Mixed Environment

An 12.52 SP1 Policy Server can communicate with an r6.x policy store, but an r6.x Policy Server cannot connect to an 12.52 SP1 policy store. As a result, all existing r6.x features are available in a mixed environment, but the features specific to r12.x and 12.52 SP1 are not available.

Note: For more information about features in r12.x and 12.52 SP1, see the release notes.

r12.x Mixed Mode Support

Consider the following items when migrating from r12.0 SP1 or r12.0 SP2 to 12.52 SP1:

The following figure details mixed–mode support:

Graphic showing an r12.x mixed-mode support deployment

Limitations of an r12.x Mixed Environment

An 12.52 SP1 Policy Server can communicate with an r12.x policy store, but an r12.x Policy Server cannot connect to an 12.52 SP1 policy store. As a result, all existing r12.x features are available in a mixed environment, but the features specific to 12.52 SP1 are not available.

Note: For more information about features in 12.52 SP1, see the release notes.