Tuesday, January 8, 2013

Migration/Upgrade From Siteminder Older Version to R12 SP3


Below are steps for migrating Siteminder from Older Version to R12 SP3: 

Upgrade can be done in two ways.
  • Migration
  • Parallel Environment Creation 

About Migration: 
  • Migration is a simple process in which we need to take individual components offline, upgrade and make it online.
  • During Migration remaining components can communicate with other version components and this is knows as mixed mode support (so there wont be any problem even we do components upgrade individually) 
About Parallel Upgrade:
  • Need to create another environment with R12 SP3 (if upgrading to R12 SP3) leaving existing environment unchanged. 
  • Use common Keystore for both enviroment to make Single -Sign on between both environments (As if keys differ automatically there will be conflict in encryption and decryption) 

Planning Migration: 
  • List all the components that need to upgraded
  • Make Recovery plan (by taking VM Snap shot or any other backup procedure) 
  • Check the compatibility of new version with old version for mixed mode. 
  • In mixed mode environment containing a combination of r12.0 SP1 or r12.0 SP2 components,r12.0 SP3 Policy Servers can continue to communicate with r12.0 SP1 or r12.0 SP2 policy stores.
Planning Parallel Upgrade: 
  • Parallel Upgrade involves installing/configuring new environment (may include installation of one or more policy server, webagent, WAM UI, & Policy Store)
  • Install new Policy Server R12 SP3 
  • If you are upgrading from r12.x, use XPSExport(use smobjexport for R6.x) to export data from the r12.x policy storeIf you are upgrading from r12.x, use XPSExport to export data from the r12.x policy store
  • If you are upgrading from r12.x, use XPSImport(use smobjimport for R6.x) to import the r12.x policy store data into the r12.0 SP3 policy store
  • Un-install R6.x or R12.x
Upgrading from R12.x to R12 SP3:

Optional Pack Support:
  • For Policy server, No need to upgrade PSOP separately, it will get updated automatically with Policy server. 
  • For Webagent, Before upgrading Webagent Optional Pack (WAOP) webagent need to be upgraded to R12 SP3. 
FSS UI Upgrade:
  • A SiteMinder key database (smkeydatabase) is a required component. You can create a key database during the Policy Server upgrade. You can also use the Policy Server Configuration Wizard to create a key database after you upgrade the Policy Server.
  • A registered FSS Administrative UI is a required component. Although part of your core r12.0 SP1 environment, the FSS Administrative UI must be registered with a Policy Server before it can be used. If you intended on managing SiteMinder Federation Security Services, register the FSS Administrative UI after upgrading the policy store and the Administrative UI.
Admin UI:
  • If you are not using embedded JBoss for WAM UI then uninstall the existing WAMUI and do standalone installation of new version. 
Policy Store: 

To avoid possible policy store corruption, Make sure that the server that is hosting policy store is configured to store objects in UTF-8 form.


If you want to continue single-sing on during Migration following 2 steps need to be considered. 
  1. An r12.0 SP3 Policy Server can communicate with an r12.0 SP1 or an r12.0 SP2 policy store and an r12.0 SP1 or an r12.0 SP2 key store.
  2. An r12.0 SP3 Policy Server can communicate with an r12.0 SP1 or an r12.0 SP2 session store.

Migration Working: 
  • First step is to not upgrade all policy servers at a time. If we have 4 policy servers we need to remove one by one policy server and upgrade(remove from load balancing or fail over during upgrade). Continue the above strategy until all components gets completed.  
  • Upgrade an r12.x Policy Server to r12.0 SP3.
  • Upgrade an r12.x Web Agent to r12.0 SP3.
  • Upgrade the remaining r12.x Policy Servers and Web Agents to r12.0 SP3, respectively.
  • Upgrade the r12.x policy and key stores to r12.0 SP3.
  • Upgrade the r12.x Administrative UI
You can refer Upgrade steps directly in the document. They are pretty straight forward. 


Thanks !!! 


Other Posts