Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Set up, enabling and migrating security > Migration and coexistence – Security considerations


Migrate with Tivoli Access Manager for authentication enabled on multiple nodes

When Tivoli Access Manager security is configured for your existing environment and security is enabled for multiple nodes, you can migrate to WAS, v8.0. Your profiles must be migrated using the migration tools to migrate product configurations.

Do not restart the WAS v8.0 server until after performing the following procedure. The migration tools omit some files that enable the server to start correctly. After migrating your profiles, additional steps are required when Tivoli Access Manager security is configured.

For transitioning users: WAS v8.0 hosts Tivoli Access Manager specific files under the %WAS_HOME%/tivoli/tam directory. In previous versions, these files were hosted under the %WAS_HOME%/java/jre/ hierarchy.trns

In the following steps, %WASX% refers to the installation root of the source WAS product, and %WAS8% refers to the installation root of the target WAS product (the v8.0 installation root).

Migration in a multi-node environment involves migrating individual nodes, starting with the dmgr. The following procedure discuss both the overall migration steps and the host-specific migration steps.


Procedure

  1. For the overall migration steps, do the following:

    1. On the dmgr (host1) perform the host specific migration steps as described in step 2 below.
    2. Start the dmgr.

    3. For each of the application server node/hosts (such as host2, host3 and so on), do the following:

      • Perform the host specific migration steps as described in step 2 below.

      • Start the node-agent and associated application server on the respective host.

  2. For the host specific migration steps, do the following:

    1. Copy the following files from the source location to the target location:

      Files to copy from the source location to the target location. Files to copy from the source location to the target location

      Source Location Target Location
      %WASX%\java\jre\PDPerm.properties %WAS8%\tivoli\tam\PDPerm.properties
      %WASX%\java\jre\lib\security\PdPerm.ks (if found) %WAS8%\tivoli\tam\lib\security\PdPerm.ks
      %WASX%\java\jre\lib\PdPerm.ks (if found) %WAS8%\tivoli\tam\PdPerm.ks
      %WASX%\java\jre\PolicyDirector\PDCA.ks %WAS8%\tivoli\tam\PolicyDirector\PDCA.ks
      %WASX%\java\jre\PolicyDirector\PD.properties %WAS8%\tivoli\tam\PolicyDirector\PD.properties
      %WASX%\java\jre\PolicyDirector\etc\pdjrte_paths %WAS8%\tivoli\tam\PolicyDirector\etc\pdjrte_paths
      %WASX%\java\jre\PolicyDirector\etc\pdjrte_mapping %WAS8%\tivoli\tam\PolicyDirector\etc\pdjrte_mapping

    2. Edit the PD.properties file, and change the following configuration settings: 
      appsvr-plcysvrs=null\:0:\:1
config_type=standalone
      Make the appropriate changes to point to your Tivoli Access Manager Policy Server, for example: 
      appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
config_type=full
    3. Edit the following four files on the target system and make sure that all of the path references are corrected:

      • %WAS8%/tivoli/tam/PdPerm.properties
      • %WAS8%/tivoli/tam/PolicyDirector/PD.properties
      • %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_paths
      • %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_mapping

      When you correct the paths, complete the following steps in order:

      1. Ensure that all references from %WASX%/java/jre/PolicyDirector are changed to %WAS8%/tivoli/tam/PolicyDirector.
      2. Ensure that all references (in the PdPerm.properties file) from the%WASX%/java/jre/[security]/PdPerm.ks file are changed to %WAS8%/tivoli/tam/pdPerm.ks.
      3. Ensure that all remaining references from %WASX%/java/jre are changed to %WAS8%/java/jre.
      4. Edit the %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_mapping file. It contains the JRE->JRE mapping: %WAS8%/java/jre=%WAS8%/java/jre.

        Change this mapping to JRE->tivoli/tam: %WAS8%/java/jre=%WAS8%/tivoli/tam.


What to do next

Also see Migrating with Tivoli Access Manager for authentication enabled on a single node for more information.
Migrate with Tivoli Access Manager for authentication enabled on a single node
Migration and coexistence – Security considerations

+

Search Tips   |   Advanced Search