Previous Topic: How the r12.1 SP3 Migration WorksNext Topic: How a Parallel Upgrade Works


How to Migrate from r12.1 SP3

Complete the following procedures to migrate from r12.x to 12.52:

  1. Review the installation and upgrade considerations in the Policy Server Release Notes.
  2. (Optional) If your environment includes multiple instances of smkeydatabase, synchronize all instances. Part of the Policy Server upgrade includes migrating all content in the smkeydatabase to the certificate data store.
  3. Review the sections in Before You Upgrade the Policy Server.
  4. Upgrade an r12.1 SP3 Policy Server to 12.52.
  5. Upgrade an r12.1 SP3 SOA Agent to 12.52.
  6. Upgrade the remaining r12.1 SP3 Policy Servers and SOA Agents to 12.52, respectively.
  7. Upgrade the r12.1 SP3 policy and key stores to 12.52.
  8. Upgrade the r12.1 SP3 Administrative UI.

More information:

Installation and Upgrade Considerations

More information:

CA SiteMinder® Key Tool

Synchronize Key Database Instances

Synchronize all smkeydatabase instances before beginning the migration to a new version.

Note: Use the smkeytool utility to synchronize the smkeydatabases and resolve all data inconsistencies between smkeydatabase instances. For more information about the smkeytool utility, see the Policy Server Administration Guide.

Previous versions of CA SiteMinder® used a local smkeydatabase to store certificate data. Each Policy Server required its own smkeydatabase. For version 12.52, a centralized certificate data store replaces the local smkeydatabases.

As part of a Policy Server upgrade, the installer automatically backs up the local smkeydatabase and tries to migrate all content to the certificate data store. This process includes a comparison of both stores before starting the migration.

Important! If the migration of the smkeydatabase fails, do not return the Policy Server to the environment. Returning the Policy Server after a failed migration causes all transactions that require the certificate data to fail.

Use the following guidelines to identify and resolve data consistencies among your smkeydatabases:

Important! After you resolve all data inconsistencies, we recommended that you do not modify a smkeydatabase until all migrations are complete.

Upgrade an r12.1 SP3 Policy Server

The following sections detail how to upgrade an r12.1 SP3 Policy Server on Windows and UNIX.

Before You Upgrade

Before you upgrade a Policy Server, consider the following items:

More information:

Locate the Installation Media

Installation Media Names

Required Linux Libraries

Certain library files are required for components operating on Linux operating environments. Failure to install the correct libraries can cause the following error:

java.lang.UnsatisfiedLinkError 

If you are installing, configuring, or upgrading a Linux version of this component, the following libraries are required on the host system:

Red Hat 5.x:

compat–gcc-34-c++-3.4.6-patch_version.I386

libstdc++-4.x.x-x.el5.i686.rpm

Red Hat 6.x:

libstdc++-4.x.x-x.el6.i686.rpm

Additionally, for Red Hat 6.x (64-bit):

Note: All the RPM packages that are required for 64-bit Red Hat 6.x are 32-bit packages.

libXau-1.0.5-1.el6.i686.rpm

libxcb-1.5-1.el6.i686.rpm

compat-db42-4.2.52-15.el6.i686.rpm

compat-db43-4.3.29-15.el6.i686.rpm

libX11-1.3-2.el6.i686.rpm

libXrender-0.9.5-1.el6.i686.rpm

libexpat.so.1 (provided by expat-2.0.1-11.el6_2.i686.rpm)

libfreetype.so.6 (provided by freetype-2.3.11-6.el6_2.9.i686.rpm)

libfontconfig.so.1 (provided by fontconfig-2.8.0-3.el6.i686.rpm)

libICE-1.0.6-1.el6.i686.rpm

libuuid-2.17.2-12.7.el6.i686.rpm

libSM-1.1.0-7.1.el6.i686.rpm

libXext-1.1-3.el6.i686.rpm

compat-libstdc++-33-3.2.3-69.el6.i686.rpm

compat-db-4.6.21-15.el6.i686.rpm

libXi-1.3-3.el6.i686.rpm

libXtst-1.0.99.2-3.el6.i686.rpm

libXft-2.1.13-4.1.el6.i686.rpm

libXt-1.0.7-1.el6.i686.rpm

libXp-1.0.0-15.1.el6.i686.rpm

Korn Shell (ksh) Package Required on Linux

The ksh Korn shell is required during Policy Server installation and upgrade on Linux platforms. Verify that the appropriate version for your Linux environment is installed.

Red Hat 5.x 32-bit

ksh-20100621-12.el5.i386.rpm

Red Hat 5.x 64-bit

ksh-20100621-12.el5.x86_64.rpm

Red Hat 6.x 32-bit

ksh-20100621-16.el6.i686.rpm

Red Hat 6.x 64-bit

ksh-20100621-16.el6.x86_64.rpm

Upgrade a Policy Server on Windows

Follow these steps:

  1. Review Before You Upgrade.
  2. Exit all applications that are running.
  3. Navigate to the installation media.
  4. Double–click installation_media.
    installation_media

    Specifies the name of the Policy Server installation executable.

    The Policy Server installer starts.

    Note: For a list of installation media names, see the Policy Server Release Notes.

  5. Considering the following items when running the installer:
  6. Review the installation settings and click Install.

    The Policy Server is upgraded. The selected components are configured for use with the Policy Server.

More information:

Troubleshoot a Policy Server Upgrade

Installation Media Names

Upgrade a Policy Server Using a GUI on UNIX

Follow these steps:

  1. Review Before You Upgrade.
  2. Exit all applications that are running.
  3. Execute the following script in a ksh shell from the CA SiteMinder® installation directory:
    ../ca_ps_env.ksh
    

    Note: Be sure that there is a space between the periods.

  4. Open a shell and navigate to the installation executable.
  5. Enter the following command:
    ./installation_media
    
    installation_media

    Specifies the name of the Policy Server installer executable.

    The Policy Server installer starts.

    Note: For a list of installation media names, see the Policy Server Release Notes.

  6. Considering the following items when running the installer:
  7. Review the installation settings and click Install.

    The Policy Server is upgraded. The selected components are configured for use with the Policy Server.

  8. Click Done.
  9. Execute the following script in a ksh shell from the CA SiteMinder® installation directory:
    ../ca_ps_env.ksh
    

    Note: Be sure that there is a space between the periods.

More information:

Troubleshoot a Policy Server Upgrade

Installation Media Names

Upgrade a Policy Server on UNIX Using a Console

Follow these steps:

  1. Review Before You Upgrade.
  2. Exit all applications that are running.
  3. Execute the following script in a ksh shell from the CA SiteMinder® installation directory:
    ../ca_ps_env.ksh
    

    Note: Be sure that there is a space between the periods.

  4. Open a shell and navigate to the installation executable.
  5. Enter the following command:
    ./installation_media -i console
    
    installation_media

    Specifies the name of the Policy Server installer executable.

    The Policy Server installer starts.

    Note: For a list of installation media names, see the Policy Server Release Notes.

  6. Considering the following items when running the installer:

    The installer prompts you to select CA SiteMinder® components. Each component is prefixed with a number. Type numbers separated with a comma (,) to select one or more components. Enter only a comma to select none of the features.

  7. Review the installation settings and press Enter.

    The Policy Server is upgraded. The selected components are configured for use with the Policy Server.

  8. Click Done.
  9. Execute the following script in a ksh shell from the CA SiteMinder® installation directory:
    ../ca_ps_env.ksh
    

    Note: Be sure that there is a space between the periods.

More information:

Troubleshoot a Policy Server Upgrade

Installation Media Names

Custom Server–Side Code Requirements

Your Policy Server operating system determines whether recompiling custom server–side code is required. Use the following table to identify the requirement:

Operating System

Required?

Microsoft Windows and UNIX

No. Recompiling the custom code is optional.

Red Hat Linux

Yes.

Upgrade the SDK and recompile the custom code using GCC 3.4.

Troubleshoot a Policy Server Upgrade

If you experience problems during the upgrade:

Upgrade an r12.1 SP3 SOA Agent

Upgrading the r12.1 SP3 SOA Agents in the environment to 12.52 WSS Agents is the second step in the migration process. You can upgrade the SOA Agents in your environment in any order.

Note: CA SiteMinder® Web Services Security r12.1 SP3 SOA Agents can communicate with a 12.52 Policy Server. Therefore, you can upgrade your Policy Server to 12.52 before upgrading SOA agents while continuing to protect resources.

How to Prepare for a SOA Agent Upgrade

Prepare for upgrading a SOA Agent using the following process:

Verify the Policy Server is Configured

Before you upgrade the SOA Agent:

Identify the Required Administrator and Policy Server Object Names

Before upgrading the SOA Agent, you need the following information from the Policy Server administrator.

Identify WSS Agent Requirements

For more information about patches and other WSS Agent requirements, see the respective WSS Agent Guide.

Replace Existing Read-only Files

When you upgrade a SOA Agent, you may see messages asking whether you want to replace read-only files. Select Yes to all.

Upgrade an r12.1 SP3 SOA Agent

Use the 12.52 WSS Agent installer to upgrade a web agent.

Note: For more information about upgrading a SOA agent, see the respective WSS Agent Guide.

How to Upgrade an r12.1 SP3 Policy Store

Complete the following procedures to upgrade an r12.1 SP3 policy store to 12.52:

  1. Stop all Policy Servers that are communicating with the policy store.
  2. Import the policy store data definitions.
  3. Import the default policy store objects.
  4. If you configured policy objects related to generating SAML assertions using the FSS Administrative UI, run the XPS sweeper utility to complete the migration of your legacy federation objects.
  5. Start all Policy Servers that are communicating with the policy store.
Stop all Policy Severs

Stopping all of the Policy Servers that are communicating with the policy store helps to prevent policy store corruption during the upgrade.

Follow these steps:

  1. Log in to the Policy Server host system.
  2. Complete one of the following steps:
  3. Repeat this procedure for each Policy Server that is communicating with the policy store.
Import the Policy Store Data Definitions

Importing the policy store data definitions defines the types of objects that can be created and stored in the policy store.

Follow these steps:

  1. Open a command window and navigate to siteminder_home\xps\dd.
    siteminder_home

    Specifies the Policy Server installation path.

  2. Run the following command:
    XPSDDInstall SmMaster.xdd
    
    XPSDDInstall

    Imports the required data definitions.

Import the Default Policy Store Objects

Importing the default policy store objects configures the policy store for use with the Administrative UI and the Policy Server.

Consider the following items:

Follow these steps:

  1. Open a command window and navigate to siteminder_home\db.
  2. Import one of the following files:

    Note: You use either file to configure a new policy store and upgrade an existing store. When imported as part of an upgrade, the file does not overwrite existing default objects that were modified. Both files include the default policy store objects. These objects include the default security settings in the default Agent Configuration Object (ACO) templates. The secure file provides more restrictive security settings.

    –npass

    Specifies that no passphrase is required. The default policy store objects do not contain encrypted data.

    The default policy store objects are imported.

Run the XPS Sweeper Utility

If you configured policy objects related to generating SAML assertions using the FSS Administrative UI, run the XPS sweeper utility (XPSSweeper) to complete the migration of these objects.

Follow these steps:

  1. Log in to the Policy Server host system.
  2. Run the following command to make available your legacy federation objects to the Administrative UI:
    XPSSweeper
    

    All legacy federation created using the FSS Administrative UI are available in the Administrative UI.

Start all Policy Servers

Starting all Policy Servers resumes communication between all of the Policy Servers and the upgraded policy store.

Follow these steps:

  1. Log in to the Policy Server host system.
  2. Complete one of the following steps:
  3. Repeat this procedure for each Policy Server that is communicating with the policy store.

The policy store is upgraded.

How to Upgrade an r12.1 SP3 Administrative UI

Complete the following procedures to upgrade an r12.1 SP3 Administrative UI to 12.52 on Windows and UNIX.

  1. Verify that you are prepared for the upgrade
  2. Verify that required libraries are present on Linux systems
  3. Upgrade the Administrative UI on Windows
  4. Upgrade the Administrative UI on UNIX using a GUI
  5. Upgrade the Administrative UI on UNIX using a console
Before You Upgrade

Consider the following items before you upgrade the Administrative UI:

More information:

Locate the Installation Media

Installation Media Names

Required Linux Libraries

Certain library files are required for components operating on Linux operating environments. Failure to install the correct libraries can cause the following error:

java.lang.UnsatisfiedLinkError 

If you are installing, configuring, or upgrading a Linux version of this component, the following libraries are required on the host system:

Red Hat 5.x:

compat–gcc-34-c++-3.4.6-patch_version.I386

libstdc++-4.x.x-x.el5.i686.rpm

Red Hat 6.x:

libstdc++-4.x.x-x.el6.i686.rpm

Additionally, for Red Hat 6.x (64-bit):

Note: All the RPM packages that are required for 64-bit Red Hat 6.x are 32-bit packages.

libXau-1.0.5-1.el6.i686.rpm

libxcb-1.5-1.el6.i686.rpm

compat-db42-4.2.52-15.el6.i686.rpm

compat-db43-4.3.29-15.el6.i686.rpm

libX11-1.3-2.el6.i686.rpm

libXrender-0.9.5-1.el6.i686.rpm

libexpat.so.1 (provided by expat-2.0.1-11.el6_2.i686.rpm)

libfreetype.so.6 (provided by freetype-2.3.11-6.el6_2.9.i686.rpm)

libfontconfig.so.1 (provided by fontconfig-2.8.0-3.el6.i686.rpm)

libICE-1.0.6-1.el6.i686.rpm

libuuid-2.17.2-12.7.el6.i686.rpm

libSM-1.1.0-7.1.el6.i686.rpm

libXext-1.1-3.el6.i686.rpm

compat-libstdc++-33-3.2.3-69.el6.i686.rpm

compat-db-4.6.21-15.el6.i686.rpm

libXi-1.3-3.el6.i686.rpm

libXtst-1.0.99.2-3.el6.i686.rpm

libXft-2.1.13-4.1.el6.i686.rpm

libXt-1.0.7-1.el6.i686.rpm

libXp-1.0.0-15.1.el6.i686.rpm

Upgrade the Administrative UI on Windows

Be sure that you extracted the prerequisite installer executable into the same directory that you extracted the Administrative UI installer. The installers must be in the same location so that the layout.properties file, included with the Administrative UI installation zip, is co-located with both executables.

If you move the prerequisite or Administrative UI installation media after extracting the zips, move the executables and the layout.properties file to the same location. Both executables and the layout.properties file must be co-located or the stand-alone installation fails.

Upgrading the Administrative UI requires that you run a prerequisite installer and the Administrative UI installer.

Follow these steps:

  1. Exit all applications that are running.
  2. Stop the application server that is hosting the Administrative UI.

    Note: For more information about stopping the application server, see the r12.x Policy Server Installation Guide.

  3. Run the following executable:
    adminui-pre-req-version-cr-win32.exe
    
  4. Follow the prerequisite installer prompts.
  5. Run the following executable:
    ca-adminui-version-cr-win32.exe
    
  6. Follow the installer prompts and confirm the upgrade of the Administrative UI.
  7. Review the installation settings and click Install.

    The Administrative UI is upgraded.

Upgrade the Administrative UI on UNIX

Be sure that you extracted the prerequisite installer executable into the same directory that you extracted the Administrative UI installer. The installers must be in the same location so that the layout.properties file, included with the Administrative UI installation zip, is co-located with both executables.

If you move the prerequisite or Administrative UI installation media after extracting the zips, move the executables and the layout.properties file to the same location. Both executables and the layout.properties file must be co-located or the stand-alone installation fails.

You can upgrade the Administrative UI in GUI or console mode.

Follow these steps:

  1. Exit all applications that are running.
  2. Stop the application server that is hosting the Administrative UI.

    Note: For more information about stopping the application server, see the r12.x Policy Server Installation Guide.

  3. Open a shell and navigate to one of the following prerequisite installation executables:
    adminui-pre-req-version-cr-linux.bin
    adminui-pre-req-version-cr-sol.bin
    
  4. Enter the command for the appropriate mode:
    GUI Mode
    ./prerequisite_installation_media
    
    Console Mode
    ./prerequisite_installation_media -i console
    
  5. Follow the prerequisite installer prompts.
  6. Open a shell and navigate to one of the following installation executables:
    ca-adminui-version-cr-linux.bin
    
    ca-adminui-version-cr-sol.bin
    
  7. Enter the command for the appropriate mode:

    GUI Mode

    ./installation_media
    
    Console Mode
    ./installation_media -i console
    
  8. Follow the prompts and confirm the upgrade of the Administrative UI.
  9. Review the installation settings and click Install.
  10. Start the application server that is hosting the Administrative UI.

    Note: For more information about starting the application server, see the 12.52 Policy Server Installation Guide.

    The Administrative UI is upgraded.

Upgrade the Administrative UI on UNIX Using a Console

Be sure that you extracted the prerequisite installer executable into the same directory that you extracted the Administrative UI installer. The installers must be in the same location so that the layout.properties file, included with the Administrative UI installation zip, is co-located with both executables.

If you move the prerequisite or Administrative UI installation media after extracting the zips, move the executables and the layout.properties file to the same location. Both executables and the layout.properties file must be co-located or the stand-alone installation fails.

Upgrading the Administrative UI requires that you run a prerequisite installer and the Administrative UI installer.

Follow these steps:

  1. Exit all applications that are running.
  2. Stop the application server that is hosting the Administrative UI.

    Note: For more information about stopping the application server, see the r12.x Policy Server Installation Guide.

  3. Open a shell and navigate to one of the following prerequisite installation executables:
    adminui-pre-req-version-cr-linux.bin
    adminui-pre-req-version-cr-sol.bin
    
  4. Enter the following command:
    ./prerequisite_installation_media -i console
    
  5. Follow the prerequisite installer prompts.
  6. Open a shell and navigate to one of the following installation executables:
    ca-adminui-version-cr-linux.bin
    ca-adminui-version-cr-sol.bin
    
  7. Enter the following command:
    ./installation_media -i console
    
  8. Follow the prompts and confirm that the installer can upgrade the Administrative UI.
  9. Review the installation settings and press Enter.
  10. Start the application server that is hosting the Administrative UI.

    Note: For more information about starting the application server, see the 12.52 Policy Server Installation Guide.

    The Administrative UI is upgraded.