Migrate with TAM for authentication enabled on multiple nodes


When TAM security is configured for the existing environment and security is enabled on multiple nodes, you can migrate to WAS V 6.1.

Do not restart the WAS V 7.0 servers until after performing the following procedure. The migration tools omit some files that enable the server to start correctly.

After migrating the profiles, additional steps are required when TAM security is configured.

 

  1. On the dmgr (Host1), copy the following files from the existing directory to a comparable directory in V6.1:

    %WAS_HOME%\java\jre\PDPerm.properties
    %WAS_HOME%\java\jre\lib\security\PdPerm.ks
    %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
    %WAS_HOME%\java\jre\PolicyDirector\PD.properties
    %WAS_HOME%\java\jre\PolicyDirector\PDJLog.properties
    

  2. On the dmgr, edit the PD.properties file and change the following settings:

    pd-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre\\PolicyDirector
    pdvar-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre
    
    Make the appropriate changes to point to the TAM Policy Server...

    pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
    

  3. On the dmgr, edit the PdPerm.properties file, and change all path names to the correct path name. Change the following configuration settings:

    pdvar-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
    pdcert-url=file\:/c\:/progra~1/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
    baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
    pd-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre
    

  4. Start the WAS dmgr.

  5. On Host2, copy the following missing files from the existing directory to a comparable directory in V 6.1:

    %WAS_HOME%\java\jre\PDPerm.properties
    %WAS_HOME%\java\jre\lib\security\PdPerm.ks
    %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
    

  6. On Host2, edit the PD.properties file and change the following configuration setting:

    appsvr-plcysvrs=null\:0:\:1
    
    Make the appropriate changes to point to the TAM Policy Server...

    appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
    

  7. On Host2, edit the PD.properties file, and change all path names to the correct path name. Change the following settings:

    pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
    pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
    baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
    pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
    config_type=standalone
    

  8. On Host2, start the node agent and its associated appserver.

  9. On Host3, copy the following missing files from the existing directory to a comparable directory in V 7.0:

    %WAS_HOME%\java\jre\PDPerm.properties
    %WAS_HOME%\java\jre\lib\security\PdPerm.ks
    %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
    

  10. On Host3, edit the PD.properties file and change the following configuration setting:

    appsvr-plcysvrs=null\:0:\:1
    
    Make the appropriate changes to point to the TAM Policy Server...

    appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
    

  11. On Host3, edit the PdPerm.properties file, and change all path names to the correct path name. Change the following settings:

    pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
    pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
    baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
    pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
    config_type=standalone
    

  12. On Host3, start the node agent and its associated appserver.
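
A pre-start check for the edits in the steps above, as an added example (not IBM tooling or code from the original page): it reads PD.properties / PdPerm.properties text and reports path settings that still point outside the new install root, plus an `appsvr-plcysvrs` value still set to the `null` placeholder. The function names and the `NEW_ROOTS` values are assumptions for illustration; the sample property text is constructed from the values shown in the steps.

```python
import re

# Keys whose values are install paths in PD.properties / PdPerm.properties on this page.
PATH_KEYS = ("pd-home", "pdvar-home", "java-home", "pdcert-url")

def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, backslash escapes removed."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def normalise(path):
    """Windows paths compare case-insensitively; unify separators and drop file:/."""
    path = path.replace("\\", "/").lower()
    return path[len("file:/"):] if path.startswith("file:/") else path

def stale_settings(props, new_roots):
    """Return [(key, problem)] for settings the edit steps should have changed."""
    roots = [normalise(r).rstrip("/") + "/" for r in new_roots]
    findings = []
    for key, value in props.items():
        if key in PATH_KEYS or key.endswith("FileHandler.fileName"):
            if not any(normalise(value).startswith(r) for r in roots):
                findings.append((key, "path is outside the new install root"))
        elif key == "appsvr-plcysvrs" and value.lower().startswith("null:"):
            findings.append((key, "policy server is still the null placeholder"))
    return findings

# Constructed samples built from the before/after values shown in the steps.
BEFORE = r"""
pd-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre
appsvr-plcysvrs=null\:0:\:1
"""
AFTER = r"""
pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
"""
# Both spellings of the root are accepted: the long name and the 8.3 short name.
NEW_ROOTS = (r"C:\Program Files\IBM\WebSphere\AppServer",
             "c:/progra~1/IBM/WebSphere/AppServer")

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, stale_settings(parse_properties(text), NEW_ROOTS))
```

Run it against the files on each host before starting the dmgr or node agent; an empty list means every checked setting points under the new root and names a policy server.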

 

Next steps

Also see the migration information for TAM authentication that is enabled on a single node with security enabled.

 

Related tasks


Migrate with TAM for authentication enabled on a single node
Migrating, coexisting, and interoperating – Security considerations