Upgrading the policy and key store is the third step in the migration process. The following sections detail how to upgrade an r6.x policy and key store to 12.52 SP1.
Two paths exist for upgrading an r6.x policy store to 12.52 SP1. You can:
This guide details the steps for upgrading an existing policy and key store.
If you want to migrate an existing policy store to a 12.52 SP1 policy and key store, follow these steps:
Note: For more information, see the Policy Server Installation Guide for r6.x.
Note: For more information, see the Policy Server Installation Guide.
Note: For more information, see the Policy Server Administration Guide.
Two paths exist for upgrading an r6.x key store to 12.52 SP1. You can:
This guide details the steps for upgrading an existing policy and key store.
If you want to create a stand–alone 12.52 SP1 key store:
Note: For more information, see the r6.x Policy Server Installation Guide.
Note: For more information, see the Policy Server Installation Guide.
Note: For more information, see the Policy Server Administration Guide.
Note: For more information, see the Policy Server Management Console Help.
To upgrade an r6.x policy store to 12.52 SP1, complete the following procedures:
Note: If you are upgrading a legacy federation environment, there is no change to the Policy Server Option Pack (PSOP) schema.
Stop all Policy Severs
Stopping all of the Policy Servers that are communicating with the policy store helps to prevent policy store corruption during the upgrade.
Follow these steps:
install_path/siteminder/stop-all
Specifies the Policy Server installation path.
Import the Policy Store Data Definitions
Importing the policy store data definitions defines the types of objects that can be created and stored in the policy store.
Follow these steps:
Specifies the Policy Server installation path.
XPSDDInstall SmMaster.xdd
Imports the required data definitions.
Import the Default Policy Store Objects
Importing the default policy store objects configures the policy store for use with the Administrative UI and the Policy Server.
The default policy store objects exist in the following XML files:
The smpolicy-secure.xml file provides more restrictive security settings than the smpolicy.xml file. Pick only one of the previous files to import the default policy store objects.
Either file configures a new policy store and upgrades an existing store. When imported as part of an upgrade, the file does not overwrite existing default objects that were modified. These objects include the default security settings in the default Agent Configuration Object (ACO) templates.
Importing either file makes legacy federation and Web Service Variables functionality available. These features are separately licensed. If you intend to use the Web Service Variables functionality, contact your CA account representative for licensing information.
Follow these steps:
XPSImport smpolicy.xml -npass
XPSImport smpolicy-secure.xml -npass
Specifies that no passphrase is required. The default policy store objects do not contain encrypted data. No passphrase is required to import the default policy store objects.
The policy store objects are imported.
Make the legacy federation Objects Available in the Administrative UI
If you manage your Federation Security Services (legacy federation) objects using the Policy Server UI, run the XPS sweeper utility to migrate these objects to the Administrative UI.
Follow these steps:
XPSSweeper
All legacy federation created using the Policy Server UI are available in the Administrative UI.
You are ready to proceed to the next stage of the upgrade process, upgrading your Administrative UI.
Start all Policy Servers
Starting all Policy Servers resumes communication between all of the Policy Servers and the upgraded policy store.
Follow these steps:
install_path/siteminder/start-all
Specifies the Policy Server installation path.
The policy store is upgraded.
Copyright © 2014 CA.
All rights reserved.
|
|