Migrate with TAM for authentication enabled on multiple nodes
When TAM security is configured for the existing environment and security is enabled for multiple nodes, we can migrate to WAS, V 6.1.
Do not restart the WAS V 7.0 servers until after performing the following procedure. The migration tools omit some files that enable the server to start correctly.
After migrating the profiles, additional steps are required when TAM security is configured.
- On the dmgr (Host1), copy the following files from the existing directory to a comparable directory in V6.1:
%WAS_HOME%\java\jre\PDPerm.properties %WAS_HOME%\java\jre\lib\security\PdPerm.ks %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks %WAS_HOME%\java\jre\PolicyDirector\PD.properties %WAS_HOME%\java\jre\PolicyDirector\PDJLog.properties- On the dmgr, edit the PD.properties file and change the following settings:
pd-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre\\PolicyDirector pdvar-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre\\PolicyDirector java-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jreMake the appropriate changes to point to the TAM Policy Server...pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre- On the dmgr, edit the PdPerm.properties file, and change all path names to the correct path name. Change the following configuration settings:
pdvar-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log pdcert-url=file\:/c\:/progra~1/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log pd-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector java-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre- Start the WAS dmgr.
- On Host2, copy the following missing files from the existing directory to a comparable directory in V 6.1:
%WAS_HOME%\java\jre\PDPerm.properties %WAS_HOME%\java\jre\lib\security\PdPerm.ks %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks- On Host2, edit the PD.properties file and change the following configuration setting:
appsvr-plcysvrs=null\:0:\:1Make the appropriate changes to point to the TAM Policy Server...appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1- On Host2, edit the PD.properties file, and change all path names to the correct path name. Change the following settings:
pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre config_type=standalone- On Host2, start the node agent and its associated appserver.
- Host3, copy the following missing files from the existing directory to a comparable directory in V 7.0:
%WAS_HOME%\java\jre\PDPerm.properties %WAS_HOME%\java\jre\lib\security\PdPerm.ks %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks- On Host3, edit the PD.properties file and change the following configuration setting:
appsvr-plcysvrs=null\:0:\:1Make the appropriate changes to point to the TAM Policy Server...appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1- On Host3, edit the PdPerm.properties file, and change all path names to the correct path name. Change the following settings:
pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre config_type=standalone- On Host3, start the node agent and its associated appserver.
Next steps
Also see the migration information with TAM for authentication that is enabled on a single nodes with security enabled.
Related tasks
Migrate with TAM for authentication enabled on a single node
Migrating, coexisting, and interoperating – Security considerations