*****************************************************************
IBM DB2 OLAP Server 8.1
Security Migration Tool
August 2002 -- now supports AIX!
*****************************************************************
Contents:
Overview
Supported products and migration scenarios
Before you begin
Running the Security Migration Tool
Output from migration
Migrating the supporting data files
Usage notes
If you have login problems
If the data does not migrate
When you upgrade to a new version of DB2 OLAP Server, you probably want
to preserve your security data, which defines your users and groups and
the access they have to OLAP applications. Depending on your installation,
you have three options:
-
If you are simply upgrading the server on a computer, your existing security
data is preserved after you install the new server code. There is
no need to migrate.
-
If you are moving your OLAP product to another computer, even without upgrading
to a new version, the Security Migration Tool makes that migration quick
and easy. If both servers are running and can communicate through
the filesystem or through FTP, you can migrate the data directly.
-
If you are installing the new V8.1 server on the same computer as the old
V7.1 server, and you want to preserve the V7.1 server, the Security Migration
Tool provides an option to save security data from your source server in
a data file, which you can then import later to your destination server.
The Security Migration Tool can migrate OLAP security data about applications,
databases, filters, users, and groups, either locally on one computer or
from one computer to another. The tool:
-
Updates the essbase.sec file on the destination server.
-
Generates log files which include information about the servers and migrated
data.
-
Optionally creates a data file to store your security data.
-
Optionally migrates supporting data files associated with the applications
and databases, such as outlines and reports.
The Security Migration Tool is licensed for use with DB2 OLAP Server only.
Supported software and migration scenarios
|
Top |
Operating systems:
-
The Security Migration Tool runs on all Windows operating systems supported
by DB2 OLAP Server V7.1 and V8.1.
-
You can migrate security information from one OLAP server on Windows or
AIX to another OLAP server on Windows or AIX. Either server can be
local or remote.
Storage Managers: Currently, the Security Migration tool only
supports the migration of applications that use the multidimensional storage
manager (MSM). If you have applications that use the relational storage
manager (RSM) on your OLAP server, and you want to use this tool to migrate
them, you must first migrate the applications from RSM to MSM. For
more information on RSM-to-MSM migration, see the Installation Guide.
Product combinations:
| From this product: |
To this product: |
| IBM DB2 OLAP Server V7.1, any FixPak level |
IBM DB2 OLAP Server V7.1, any FixPak level |
| IBM DB2 OLAP Server V7.1 |
IBM DB2 OLAP Server V8.1 |
1. Backup your security information files. Make copies of the
essbase.sec
file and <arborpath>/app directory on your destination server
and store them in a temporary or backup directory.
2. Select one of the three migration scenarios:
-
Migrate security data from a source server directly onto a destination
server. This will run a complete migration. Note that both servers
must be up and running.
-
Export the security data from a source server into
a data file. Because you cannot run two OLAP servers simultaneously
on the same computer, the Security Migration Tool provides an option to
store security data from your source server in a data file (data.txt),
which you can then import later into your destination server. The data
file can also be used as a reference or a backup of security data.
-
Import security data from a data file onto a destination server. This
uses a data file (data.txt) to migrate data onto a server. The
data file must be in the same directory as the Security Migration Tool
program. Note that the server must be up and running. This method can be
used if you are migrating across servers that are not connected in any
manner, migrating across servers on the same machine, or migrating a snapshot
of security data captured previously. If you copy the supporting
files to a temporary directory for migration, the path of the temporary
directory must include the app directory.
3. Make sure you have the correct access and user permissions:
-
You must have Supervisor privileges on all the OLAP servers accessed
in the migration.
-
When migrating using a data file, you must have write permission for the
directory in which the security Migration Tool is stored, and there must
be space for creating the data file.
-
When migrating supporting application/database files, you must have permission
to copy the files from the source directories, and to write the files to
the destination directories. If specific files are not copied, there is
most likely a problem with user permissions.
4. Plan for migrating users or groups:
-
Users and groups can be migrated without applications or databases, but
if the users or groups are migrated separately before the applications
and databases, you must update their access to the applications and databases
on the destination server manually.
-
Existing objects (applications, databases, filters, users and groups) on
the destination server are not overwritten or migrated. If they already
exist, they will not be re-created.
-
When you migrate applications with users or groups, the Tool only migrates
the users or groups that have access to those applications, ignoring those
that do not have access. If you want to migrate all of your users
or groups, including those that do not have access to any applications,
it is suggested that you first migrate the applications, users, and groups.
Then run the tool again and select users and groups only, which will migrate
users and groups that do not have access to applications. You can check
which users and groups have access in the Application Manager by selecting
the Application and then the Security/Application menu. If the application
access for a user or group is None, the user or group will not be
migrated. You can also check access by issuing a dump in DB2 OLAP
Server on the source server.
Running the Security Migration Tool
|
Top |
A. Download the Security Migration Tool from the DB2 OLAP Server
Web site to a directory on your Windows computer:
www.ibm.com/software/data/db2/db2olap/secmig.html
B. Unzip the ZIP file and start the Security Migration Tool by entering:
secmgr.exe
C. Enter the options to migrate:
-
Enter the server login information (the names of the servers and your user
ID and password for each server) and specify the OLAP objects for which
you want to migrate security data (applications, databases, filters, users,
and groups). When you specify the server, you must use a server name; you
cannot use an TCP/IP address. The server names must be recognized by the
server you are using and must be listed in your WINNT/system32/drivers/etc/hosts
file, or the server must be accessible on the local network.
-
If you want to migrate supporting application/database files, enter their
directory paths as they are defined on their computer on the local computer.
For example, if your source server is on the local computer and it was
installed in the default directory, enter c:\ibm\db2olap for the
source server. If you are accessing a remote computer through your
file system and you assigned it the drive letter d, then enter
d:\ibm\db2olap.
If you are accessing a computer that is not on the local filesystem, but
is available through FTP, then enter the OLAP directory as it is defined
on the machine you are accessing. For example, if your source server
is on AIX, and DB2 OLAP Server is installed in /db2olap, then
enter
/db2olap.
-
If you choose to migrate applications, you can select specific applications
you want to migrate from the list.
-
Run the migration. After entering the migration options, a panel
displays a summary of what you have chosen. Click Run Migration
to continue. The tool displays a progress panel which lists the security
objects to be migrated.
After the migration completes, the tool displays a results panel which
shows the options that migrated successfully and any errors, if any.
Output from migration
|
Top |
The Security Migration Tool creates the following output files:
secmgr.log: Lists the successful migrations of
applications, databases, filters, users and groups. Migrations that
failed are also listed with a reference to the results.log file
for error details.
results.log: Contains details of the data that migrated successfully
and unsuccessfully, including error information.
essbase.log: Lists all of the DB2 OLAP Server messages that are
sent to the Security Migration Tool by the source and destination OLAP
servers.
connect.log: Contains connection information entered by
the user and any connection errors returned by the OLAP Server. A connection
error might be a failure to locate the message database file or an invalid
path, user name, or password.
data.txt : Lists all of the data chosen to be migrated.
Do not edit this file manually.
Migrating the supporting data files
|
Top |
If you choose to migrate the supporting data files, each database folder
in the app/<application> directory of the destination
server will contain a sub-folder called migrated_data.
This will contain all supporting files copied from the source server database
directories except for files with the following file extensions:
.db .dbb .esm .ind
.tct
All the supporting files contained in the migrated_data folder
can be moved up a directory as needed. Rename the original <database>.otl
file prior to moving the migrated data files.
If you copy the supporting files to a temporary directory for migration,
and if you generate and use a data.txt file
to migrate the supporting files, the path of the temporary directory must
include the app directory. For example, on Windows, if you
copy the supporting files to a local directory called c:\temp\myOLAPmigration
directory, the correct path looks like this:
c:\temp\myOLAPmigration\app\<application>\<database>
If you cannot open a migrated outline on the destination server:
-
The migration might have changed the case of the outline filename to all
lowercase or uppercase. For example, Basic.otl might have
been migrated as basic.otl. To correct the problem, change
the filename of the migrated outline file to match the case of the database's
.db
file.
-
If you get an error message stating that the outline is locked, then you
need to add permissions to the outline file to include read/write for your
user ID on Windows. For an AIX outline, run chmod 770 <dbname>.otl
and you will then be able to open the outline.
Database Settings: When currency databases are migrated, some
of the database settings are not immediately set. These settings
include the number of dimensions, currency time, and currency category.
After the outlines and databases are migrated and the database is loaded,
these settings are updated.
Order of search for OLAP servers when migrating supporting data files:
When the Security Migration Tool looks for an OLAP server, it looks first
on remote computers through TCP/IP. If the tool does not find the
server through FTP, it looks for it in the local file system.
Accessing non-local servers: On Windows, if one or both
of the OLAP servers is on a remote server computer, that computer must
be listed in the c:\WINNT\system32\drivers\etc\hosts
file on the computer from which you are running the tool, or on the local
network.
If the data does not migrate: If the destination server
is accessible through FTP, the Tool copies the database files using FTP.
When the FTP server logs into the destination server, it uses the user
ID and password you specified in the Tool for that server. If the
destination machine does not recognize that user ID, the file transfer
fails. If this happens, use another ID on the OLAP Server for the
migration that has supervisor privileges and access to that machine.
If there is no user on the destination OLAP Server that has access to the
machine, then create one with supervisor privileges on the OLAP Server
and use that ID for the migration.
The tool does not verify that data files were migrated onto the destination
server. You can verify that this was completed by checking the
<appname>/<dbname>/migrated_data
folder for each database that was migrated. If the data files did
not migrate, it is most likely because the user ID that was used in the
migration does not have permission to copy files from the source directory
or to the destination directory.
If you have login problems
|
Top |
If the Tool cannot find a directory, make sure that the directory is active
on the network file system, or that the server can be accessed by FTP by
using your login ID and password. Otherwise, the Security Migration Tool
will not find the directory.
The connect.log file contains details of the connection attempts.
If you have a version of DB2 OLAP Server that is not supported by this
tool, the log file should indicate that the version is invalid. It will
also indicate invalid user IDs and passwords.
If the OLAP remote servers that you are accessing are not available
on FTP, and are on the file system, make sure that the directory is active
on the network file system. Otherwise, the Security Migration Tool will
not find the directory.
If an OLAP server is stored on a remote computer that is accessible
only through FTP, and you are migrating supporting data files, then the
FTP user ID and password you use to access the remote computer must be
identical to your OLAP user ID and password for that server. If they
do not match, you can update your OLAP user ID and password using the Application
Manager to make them match.
(c)
Copyright International Business Machines Corporation 1998, 2002. All Rights
Reserved.
US Government Users Restricted
Rights – Use, duplication or disclosure restricted by GSA ADP Schedule
Contract with IBM Corp.