

Upgrade an r6.x Policy Store

Upgrading the policy and key store is the third step in the migration process. The following sections detail how to upgrade an r6.x policy and key store to 12.52 SP1.

Options for Upgrading a Policy Store

Two paths exist for upgrading an r6.x policy store to 12.52 SP1. You can:

This guide details the steps for upgrading an existing policy and key store.

If you want to migrate an existing policy store to a 12.52 SP1 policy and key store, follow these steps:

  1. Export the policy and key store data using the r6.x version of smobjexport.

    Note: For more information, see the Policy Server Installation Guide for r6.x.

  2. Create a 12.52 SP1 policy and key store.

    Note: For more information, see the Policy Server Installation Guide.

  3. Import the policy and key store data into the 12.52 SP1 policy and key store using the 12.52 SP1 version of smobjimport.

    Note: For more information, see the Policy Server Administration Guide.

Options for Upgrading a Key Store

Two paths exist for upgrading an r6.x key store to 12.52 SP1. You can:

This guide details the steps for upgrading an existing policy and key store.

If you want to create a stand-alone 12.52 SP1 key store:

  1. Use the r6.x version of smobjexport to export only the agent keys that are stored in the policy store.

    Note: For more information, see the r6.x Policy Server Installation Guide.

  2. Create a 12.52 SP1 key store using the default policy store schema.

    Note: For more information, see the Policy Server Installation Guide.

  3. Use the 12.52 SP1 version of smobjimport to import the agent keys into the 12.52 SP1 key store.

    Note: For more information, see the Policy Server Administration Guide.

  4. Use the Policy Server Management Console to point the Policy Server to the stand-alone key store.

    Note: For more information, see the Policy Server Management Console Help.

How to Upgrade an r6.x Policy Store

To upgrade an r6.x policy store to 12.52 SP1, complete the following procedures:

  1. Stop all Policy Servers that are communicating with the policy store.
  2. If you have not extended the policy store schema to facilitate a smkeydatabase migration during a Policy Server upgrade, extend the schema.
  3. Import the policy store data definitions.
  4. Import the default policy store objects.

    Note: If you are upgrading a legacy federation environment, there is no change to the Policy Server Option Pack (PSOP) schema.

  5. If you managed your r6.x legacy federation environment using the FSS Administrative UI, run the XPS sweeper utility to complete the migration of your legacy federation objects.
  6. Start all Policy Servers that are communicating with the policy store.

Stop all Policy Servers

Stopping all of the Policy Servers that are communicating with the policy store helps to prevent policy store corruption during the upgrade.

Follow these steps:

  1. Log in to the Policy Server host system.
  2. Complete one of the following steps:
  3. Repeat this procedure for each Policy Server that is communicating with the policy store.

Import the Policy Store Data Definitions

Importing the policy store data definitions defines the types of objects that can be created and stored in the policy store.

Follow these steps:

  1. Open a command window and navigate to siteminder_home\xps\dd.
    siteminder_home

    Specifies the Policy Server installation path.

  2. Run the following command:
    XPSDDInstall SmMaster.xdd
    
    XPSDDInstall

    Imports the required data definitions.

Import the Default Policy Store Objects

Importing the default policy store objects configures the policy store for use with the Administrative UI and the Policy Server.

The default policy store objects exist in the following XML files:

The smpolicy-secure.xml file provides more restrictive security settings than the smpolicy.xml file. Pick only one of the previous files to import the default policy store objects.

Either file configures a new policy store and upgrades an existing store. When imported as part of an upgrade, the file does not overwrite existing default objects that were modified. These objects include the default security settings in the default Agent Configuration Object (ACO) templates.

Importing either file makes legacy federation and Web Service Variables functionality available. These features are separately licensed. If you intend to use the Web Service Variables functionality, contact your CA account representative for licensing information.

Follow these steps:

  1. Open a command line window and navigate to siteminder_home\db.
  2. Import one of the following files:
    -npass

    Specifies that no passphrase is required. The default policy store objects do not contain encrypted data. No passphrase is required to import the default policy store objects.

    The policy store objects are imported.

Make the legacy federation Objects Available in the Administrative UI

If you manage your Federation Security Services (legacy federation) objects using the Policy Server UI, run the XPS sweeper utility to migrate these objects to the Administrative UI.

Follow these steps:

  1. Log in to the Policy Server host system.
  2. Run the following command to make your legacy federation objects available to the Administrative UI:
    XPSSweeper
    

    All legacy federation objects created using the Policy Server UI are available in the Administrative UI.

    You are ready to proceed to the next stage of the upgrade process, upgrading your Administrative UI.

Start all Policy Servers

Starting all Policy Servers resumes communication between all of the Policy Servers and the upgraded policy store.

Follow these steps:

  1. Log in to the Policy Server host system.
  2. Complete one of the following steps:
  3. Repeat this procedure for each Policy Server that is communicating with the policy store.

The policy store is upgraded.