Previous Topic: SiteMinder DocumentationNext Topic: How to Plan a Parallel Upgrade


How to Plan a Migration

Migrating a complex CA SiteMinder® environment involves many component upgrades before the environment is upgraded. A migration strategy is critical so that the migration is completed efficiently and without exposing sensitive resources to security risks or downtime.

A migration strategy can consist of the following:

Review the Policy Server Release Notes

The Policy Server Release Notes includes installation and upgrade considerations. We recommend that you review this material before beginning a migration.

More information:

Installation and Upgrade Considerations

Analyze Your CA SiteMinder® Web Services Security Environment

Analyze your CA SiteMinder® Web Services Security environment to determine the complexity of your upgrade. Do this by answering the following questions:

Question

Recommendation

How many Policy Servers and SOA Agents are in your environment?

Use the Policy Server audit logs to determine the number.

What are the versions of the Policy Server and SOA Agents?

Use the Policy Server audit logs to determine the versions.

Which Policy Servers are communicating with which SOA Agents?

Use the Policy Server audit logs to determine this information.

What time of day do you encounter the least traffic at each site?

Review your web and application server logs and the Policy Server audit logs.

Are your SOA Agents working in failover or round robin mode?

To maintain failover and round robin, refer to Mixed CA SiteMinder® Environments.

Does CA SiteMinder® Web Services Security12.52 support your third–party hardware and software?

Go to the Technical Support site and search for the CA SiteMinder® Platform Matrix for 12.52.

Do you have CA SiteMinder® software customized by Professional Services?

Contact Customer Support for instructions.

Do you have access to previous versions of the CA SiteMinder® Web Services Security user documentation? This guide refers to the previous CA SiteMinder® documentation.

Locate the CA SiteMinder® documentation on the Technical Support Site.

Do you have any customized files that may be overwritten by the upgrade?

Back up customized files, such as Host configuration files before upgrading.

More information:

Locate the Platform Support Matrix

Locate the Bookshelf

Plan a Recovery Strategy

Implement a recovery plan that lets you return to your original configuration. You cannot revert from a component upgrade or migration.

Important! The most complete recovery plan is to back up the entire image of each Policy Server and SOA Agent host. We recommend this method.

If you do not want to back up the entire image of each system, do the following:

More information:

Locate the Installation Media

Determine the Upgrade Path

The following table lists the supported upgrade paths for a migration to 12.52:

Mixed Environments

As you migrate to CA SiteMinder® Web Services Security 12.52, your environment can contain a combination of components at different versions. In addition, you do not have to upgrade all of your components to 12.52. You can leave some components at the current version. Consider the following:

Use Mixed-Mode Support

Mixed-mode support lets a CA SiteMinder® 12.52 Policy Server communicate with a CA SOA Security Manager r12.1 SP3 policy store during a migration. When you upgrade a Policy Server, the Policy Server installer detects that policy store version. If the policy store is operating at a previous version, the installer upgrades the Policy Server and enables mixed (compatibility) mode.

Note: You cannot turn mixed-mode off.

The Policy Server Management Console lets you see what policy store version the 12.52 Policy Server is using.

Note: The CA SOA Security Manager r12.1.SP3 Policy Server is an extended version of the SiteMinder r12.0 SP3 Policy Server. The CA SiteMinder® 12.52 Policy Server includes all the SOA Security Manager extensions. The Management Console identifies SiteMinder rather than CA SiteMinder® Web Services Security Policy Server and Policy Store version numbers.

To identify the policy store version

  1. Start the Policy Server Management Console.
  2. Click the Data tab.
  3. Select Help, About.

    The About the Policy Server Management Console screen appears. The Policy Server version is listed.

Note: The policy store version is also listed. The policy store version does not match the Policy Server version.

SOA Security Manager r12.1 SP3 Mixed Mode Support

Consider the following when migrating from r12.1to 12.52:

The following illustration details mixed mode support:

Diagram showing mixed-mode-support

Limitations of an r12.1 SP3 Mixed Environment

A CA SiteMinder® 12.52 Policy Server can communicate with a CA SOA Security Manager r12.1 SP3 policy store, but a CA SOA Security Manager r12.1 SP3 Policy Server cannot connect to a CA SiteMinder® 12.52 policy store. As a result, all existing SOA Security Manager r12.1 SP3 features are available in a mixed environment, but the features specific to 12.52 are not available.

Note: For more information about features in 12.52, see the release notes.