
Migrate with Tivoli Access Manager for authentication enabled on multiple nodes

 

When Tivoli Access Manager security is configured for your existing environment and security is enabled for multiple nodes, you can migrate to WAS V6.1. Your profiles must be migrated using the tools described in "Use the migration tools to migrate product configurations".

Do not restart the WebSphere Application Server V6.1 servers until after performing the following procedure. The migration tools omit some files that enable the server to start correctly.

 

Overview

After migrating your profiles, additional steps are required when Tivoli Access Manager security is configured.

 

Procedure

  1. On the deployment manager (Host1), copy the following files from the existing directory to a comparable directory in V6.1:

    %WAS_HOME%\java\jre\PDPerm.properties
    %WAS_HOME%\java\jre\lib\security\PdPerm.ks
    %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
    %WAS_HOME%\java\jre\PolicyDirector\PD.properties
    %WAS_HOME%\java\jre\PolicyDirector\PDJLog.properties
    

  2. On the deployment manager, edit the PD.properties file and change the following configuration settings:

    pd-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre\\PolicyDirector
    pdvar-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre
    
    Make the appropriate changes to point to your Tivoli Access Manager Policy Server, for example:

    pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
    

  3. On the deployment manager, edit the PdPerm.properties file, and change all path names to the correct path name. Change the following configuration settings:

    pdvar-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
    pdcert-url=file\:/c\:/progra~1/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
    baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
    pd-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre
    

  4. Start the WAS deployment manager.

  5. On Host2, copy the following missing files from the existing directory to a comparable directory in Version 6.1:

    %WAS_HOME%\java\jre\PDPerm.properties
    %WAS_HOME%\java\jre\lib\security\PdPerm.ks
    %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
    

  6. On Host2, edit the PD.properties file and change the following configuration setting:

    appsvr-plcysvrs=null\:0:\:1
    
    Make the appropriate changes to point to your Tivoli Access Manager Policy Server, for example:

    appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
    

  7. On Host2, edit the PD.properties file, and change all path names to the correct path name. Change the following configuration settings:

    pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
    pdcert-url=file\:/c\:/progra~1/IBM/WAS/AppServer/java/jre/lib/security/PdPerm.ks
    baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
    pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
    config_type=standalone
    

  8. On Host2, start the node agent and its associated appserver.

  9. On Host3, copy the following missing files from the existing directory to a comparable directory in Version 6.1:

    %WAS_HOME%\java\jre\PDPerm.properties
    %WAS_HOME%\java\jre\lib\security\PdPerm.ks
    %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
    

  10. On Host3, edit the PD.properties file and change the following configuration setting:

    appsvr-plcysvrs=null\:0:\:1
    
    Make the appropriate changes to point to your Tivoli Access Manager Policy Server, for example:

    appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
    

  11. On Host3, edit the PdPerm.properties file, and change all path names to the correct path name. Change the following configuration settings:

    pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
    pdcert-url=file\:/c\:/progra~1/IBM/WAS/AppServer/java/jre/lib/security/PdPerm.ks
    baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
    pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
    config_type=standalone
    

  12. On Host3, start the node agent and its associated appserver.
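
A post-edit check for the property edits in the procedure above, added here as an example (it is not IBM tooling or part of the original page): it parses a PD.properties or PdPerm.properties file and reports path settings that still point at the pre-migration install, and an appsvr-plcysvrs value that is still the null placeholder. The function names, the sample file and the OLD_ROOTS values are constructed assumptions, and the parser handles only single-line key=value entries.

```python
import re

# Path-valued keys named in the procedure above.
PATH_KEYS = {"pd-home", "pdvar-home", "java-home", "pdcert-url"}

def parse_properties(text):
    """Parse single-line key=value entries, undoing .properties backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def canon(path):
    """Lower-case, forward slashes, no file:/ prefix, so spellings compare."""
    path = path.replace("\\", "/").lower()
    return path[len("file:/"):] if path.startswith("file:/") else path

def find_stale(props, old_roots):
    """Return {key: reason} for settings the migration steps should have changed."""
    stale = {}
    old = [canon(r) for r in old_roots]
    for key, value in props.items():
        is_path = key in PATH_KEYS or key.endswith(".fileName")
        if is_path and any(canon(value).startswith(r) for r in old):
            stale[key] = "still points at pre-migration install: " + value
        if key == "appsvr-plcysvrs" and value.split(":")[0] == "null":
            stale[key] = "policy server placeholder not replaced: " + value
    return stale

# Constructed sample: java-home, pdcert-url and the policy server left unedited.
SAMPLE = r"""
pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre
pdcert-url=file\:/c\:/progra~1/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
appsvr-plcysvrs=null\:0:\:1
"""
# Every spelling of the old install root, including the 8.3 form used in pdcert-url.
OLD_ROOTS = [r"C:\Program Files\WebSphere\AppServer", "c:/progra~1/WebSphere/AppServer"]

if __name__ == "__main__":
    for key, reason in find_stale(parse_properties(SAMPLE), OLD_ROOTS).items():
        print(key, "->", reason)
```

Run it against each host's files before starting the deployment manager or node agent; an empty result means no listed setting still references the old install.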

 

What to do next

Also see the migration information for Tivoli Access Manager for authentication enabled on a single node with security enabled.


 

Related concepts


Premigration considerations

 

Related tasks


Migrating with Tivoli Access Manager for authentication enabled on a single node
Use the migration tools to migrate product configurations
Migrating to a V6.1 appserver using the Migration wizard
Migrating, coexisting, and interoperating – Security considerations