Migrate, coexist, and interoperate - Security considerations

Use this topic to migrate the security configuration of previous WebSphere Application Server releases and its applications to the new installation of WAS.

This information addresses the need to migrate our security configurations from a previous release of IBM WAS to WAS 8.0.

• If security is enabled in the previous release, obtain the administrative server ID and password of the previous release. This information is needed in order to run certain migration jobs.

• We can optionally disable security in the previous release before migrating the installation. No logon is required during the installation.

In WAS v8.0, be aware of the following additional migration requirements for security:

• When migrating from WAS v7.x to v8.0, if we have a business need to preserve security audit logs from the older release first archive the security audit log files in v7.x. WAS does not support the migration of security audit log files from the older release to v8.0.

• If our WAS v7.x environment is enabled for Kerberos, and we are migrating to version 8.0 on a different machine, the keytab and configuration files for Kerberos must be at the same location on the v8.0 machine as on the v7.x machine or the configuration will not work.

Tasks

Use the First steps console to access the WebSphere Customization Toolbox, and run the Migration Management Tool.

1. Start the First steps console...
   app_server_root\profiles\profile\firststeps\firststeps.bat

2. On the First steps console panel, click WebSphere Customization Toolbox.

3. Open the Migration Management Tool.

4. Follow the instructions provided to complete the migration.

The security configuration of previous WAS releases and its applications are migrated to the new installation of WAS v9.0.

Migrate any custom class files that are not migrated.

Subtopics

• Interoperating with previous product versions
  
• Interoperating with a C++ common object request broker architecture client
  
• Migrate trust association interceptors
  
• Migrate Common Object Request Broker Architecture programmatic login to JAAS (CORBA and JAAS)
  
• Migrate from the CustomLoginServlet class to servlet filters
  
• Migrate Java 2 security policy
  
• Migrate with ISAM for authentication enabled on a single node
  
• Migrate with ISAM for authentication enabled on multiple nodes
  
• (iSeries) Migrate Java thin clients that use the password encoding algorithm
  
• Migrate unrestricted jurisdiction policy files, local_policy.jar and US_export_policy.jar
  

Related:

JAAS

Web component security

Java EE connector security

(ZOS) System Authorization Facility classes and profiles

Configure inbound identity mapping