Migrating a complex CA SiteMinder® environment involves many component upgrades before the environment is upgraded. A migration strategy is critical so that the migration is completed efficiently and without exposing sensitive resources to security risks or downtime.
A migration strategy can consist of the following:
Perform a test migration to become familiar with the process. A test migration can help you identify, troubleshoot, and avoid issues that can bring down mission-critical resources when you migrate a production environment.
Determine if 12.52 supports your current third-party products and hardware.
Note: For a list of supported CA and third-party components, refer to the CA SiteMinder® 12.52 Platform Support Matrix on the Technical Support site.
Determine the current state of your CA SiteMinder® environment and when it is the best time to update each component.
List the individual CA SiteMinder® components that you plan on upgrading and identify where each component is being hosted.
Back up your existing components in the case you experience problems during the migration.
Determine the individual component upgrade paths supported by a migration.
Develop an understanding of mixed mode support.
Develop a strategy to performance test the environment when the migration is complete.
The Policy Server Release Notes includes installation and upgrade considerations. We recommend that you review this material before beginning a migration.
Analyze your CA SiteMinder® Web Services Security environment to determine the complexity of your upgrade. Do this by answering the following questions:
Question |
Recommendation |
---|---|
How many Policy Servers and SOA Agents are in your environment? |
Use the Policy Server audit logs to determine the number. |
What are the versions of the Policy Server and SOA Agents? |
Use the Policy Server audit logs to determine the versions. |
Which Policy Servers are communicating with which SOA Agents? |
Use the Policy Server audit logs to determine this information. |
What time of day do you encounter the least traffic at each site? |
Review your web and application server logs and the Policy Server audit logs. |
Are your SOA Agents working in failover or round robin mode? |
To maintain failover and round robin, refer to Mixed CA SiteMinder® Environments. |
Does CA SiteMinder® Web Services Security12.52 support your third–party hardware and software? |
Go to the Technical Support site and search for the CA SiteMinder® Platform Matrix for 12.52. |
Do you have CA SiteMinder® software customized by Professional Services? |
Contact Customer Support for instructions. |
Do you have access to previous versions of the CA SiteMinder® Web Services Security user documentation? This guide refers to the previous CA SiteMinder® documentation. |
Locate the CA SiteMinder® documentation on the Technical Support Site. |
Do you have any customized files that may be overwritten by the upgrade? |
Back up customized files, such as Host configuration files before upgrading. |
Implement a recovery plan that lets you return to your original configuration. You cannot revert from a component upgrade or migration.
Important! The most complete recovery plan is to back up the entire image of each Policy Server and SOA Agent host. We recommend this method.
If you do not want to back up the entire image of each system, do the following:
If you intend to manage Agents centrally from a 12.52 Policy Server, you need to supply the Agent configuration file to the Policy Server administrator. The Administrator will need this file to create an Agent Configuration Object, which defines the Agent’s configuration at the Policy Server.
Note: More information about centrally managing SOA Agents exists in the CA SiteMinder® Web Services Security Policy Configuration Guide.
The following table lists the supported upgrade paths for a migration to 12.52:
Note: The CA SOA Security Manager r12.1.SP3 Policy Server is an extended version of the SiteMinder r12.0 SP3 Policy Server. The CA SiteMinder® 12.52 Policy Server includes all the SOA Security Manager extensions.
Note: The CA SOA Security Manager r12.1.SP3 Administrative UI is an extended version of the SiteMinder r12.0 SP3 Policy Server. The CA SiteMinder® 12.52 Administrative UI includes all the SOA Security Manager extensions.
As you migrate to CA SiteMinder® Web Services Security 12.52, your environment can contain a combination of components at different versions. In addition, you do not have to upgrade all of your components to 12.52. You can leave some components at the current version. Consider the following:
Mixed-mode support lets a CA SiteMinder® 12.52 Policy Server communicate with a CA SOA Security Manager r12.1 SP3 policy store during a migration. When you upgrade a Policy Server, the Policy Server installer detects that policy store version. If the policy store is operating at a previous version, the installer upgrades the Policy Server and enables mixed (compatibility) mode.
Note: You cannot turn mixed-mode off.
The Policy Server Management Console lets you see what policy store version the 12.52 Policy Server is using.
Note: The CA SOA Security Manager r12.1.SP3 Policy Server is an extended version of the SiteMinder r12.0 SP3 Policy Server. The CA SiteMinder® 12.52 Policy Server includes all the SOA Security Manager extensions. The Management Console identifies SiteMinder rather than CA SiteMinder® Web Services Security Policy Server and Policy Store version numbers.
To identify the policy store version
The About the Policy Server Management Console screen appears. The Policy Server version is listed.
Note: The policy store version is also listed. The policy store version does not match the Policy Server version.
Consider the following when migrating from r12.1to 12.52:
The following illustration details mixed mode support:
A CA SiteMinder® 12.52 Policy Server can communicate with a CA SOA Security Manager r12.1 SP3 policy store, but a CA SOA Security Manager r12.1 SP3 Policy Server cannot connect to a CA SiteMinder® 12.52 policy store. As a result, all existing SOA Security Manager r12.1 SP3 features are available in a mixed environment, but the features specific to 12.52 are not available.
Note: For more information about features in 12.52, see the release notes.
Copyright © 2013 CA.
All rights reserved.
|
|