[AIX HP-UX Linux Solaris Windows]

Manually migrating from WebSphere Application Server 5.1 to WebSphere Application Server 6.x with Tivoli Access Manager enabled on multiple nodes

After WebSphere Application Server 6.x is installed on multiple systems being upgraded from version 5.1, you can also migrate the Tivoli Access Manager 5.1 authorization configuration. This should be performed before the Application Server is started.

Before you begin

Do not start the Application Server after running the migration wizard or using the migration scripts. This applies to the Deployment Manager system as well as to the managed nodes. The migration will have missed some relevant Tivoli Access Manager files that will prevent the Application Server from starting.

Procedure

  1. On the Deployment Manager system, copy the following files from the version 5.1 directory to the same directory for the version 6.x installation:
    • %WAS_HOME%\java\jre\PDPerm.properties
    • %WAS_HOME%\java\jre\lib\security\pdperm.ks
    • %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
    • %WAS_HOME%\java\jre\PolicyDirector\PD.properties
    • %WAS_HOME%\java\jre\PolicyDirector\PDJLog.properties
  2. On the Deployment Manager system, open the PD.properties file with a text editor and change the pathnames to the correct pathnames for the following elements, as shown in the following example:
    pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
    jar-files=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\lib\\ext
    \\ibmjcefw.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext
    \\ibmjsse.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib
    \\ext\\ibmpkcs.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre
    \\lib\\ext\\jaas.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre
    \\lib\\ext\\local_policy.jar,C\:\\Program Files\\WebSphere\\AppServer
    \\java\\jre\\lib\\ext\\PD.jar,C\:\\Program Files\\WebSphere\\AppServer
    \\java\\jre\\lib\\ext\\US_export_policy.jar
  3. On the Deployment Manager system, open the PdPerm.properties file with a text editor and change all pathnames to the appropriate pathname, as shown in the following example:
    pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    baseGroup.PDJ<appsvr-servername>MessageFileHandler.fileName=C\:\\Program Files
    \\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__<appsvr-servername>.log
    pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/pdperm.ks
    baseGroup.PDJ<appsvr-servername>TraceFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere
    \\AppServer\\java\\jre\\PolicyDirector\\log/trace_<appsvr-servername>.log
    pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
    jar-files=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjcefw.jar,
    C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjsse.jar,C\:\\Program Files
    \\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmpkcs.jar,C\:\\Program Files\\WebSphere
    \\AppServer\\java\\jre\\lib\\ext\\jaas.jar,C\:\\Program Files\\WebSphere\\AppServer\\java
    \\jre\\lib\\ext\\local_policy.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib
    \\ext\\PD.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\US_export_policy.jar
    Note: For the purposes of this example it is assumed that the Application Server has been installed on the C drive running Microsoft Windows. If your Application Server installation is not on the C drive then change the file paths in the configuration settings accordingly.
    Note: The <appsvr-servername> value is located in the PdPerm.properties file.
  4. Start the Application Server Deployment Manager.
  5. For each of the managed nodes, copy the following files from the version 5.1 directory to the same directory for the version 6.x installation:
    • %WAS_HOME%\java\jre\PDPerm.properties
    • %WAS_HOME%\java\jre\lib\security\pdperm.ks
    • %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
    • %WAS_HOME%\java\jre\PolicyDirector\PD.properties
    • %WAS_HOME%\java\jre\PolicyDirector\PDJLog.properties
  6. For each of the managed nodes, open the PD.properties file with a text editor and change the following configuration elements so that their specified paths are correct:
    pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
    jar-files=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjcefw.jar, 
    C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjsse.jar,C\:\\Program Files 
    \\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmpkcs.jar,
    C\:\\Program Files\\WebSphere \\AppServer\\java\\jre\\lib\\ext\\jaas.jar,C\:\\Program Files
    \\WebSphere\\AppServer\\java \\jre\\lib\\ext\\local_policy.jar,C\:\\Program Files\\WebSphere
    \\AppServer\\java\\jre\\lib \\ext\\PD.jar,
    C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\US_export_policy.jar
  7. On each of the managed nodes being migrated, open the PdPerm.properties file with a text editor and change all pathnames to the appropriate pathname, as shown in the following example:
    pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    baseGroup.PDJ<appsvr-servername>MessageFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere
    \\AppServer\\java\\jre\\PolicyDirector\\log/msg__<appsvr-servername>.log
    pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
    baseGroup.PDJ<appsvr-servername>TraceFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere
    \\AppServer\\java\\jre\\PolicyDirector\\log/trace__<appsvr-servername>.log
    pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
    java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
    config_type=standalone
    
  8. Start the node agents and associated application servers on each of the Application Server nodes that were migrated to version 6.x.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Feb 19, 2011 5:25:36 AM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v610web&product=was-nd-mp&topic=tsec_migrate_tam_enabled_multiple_nodes
File name: tsec_migrate_tam_enabled_multiple_nodes.html