When Tivoli Access Manager security is configured for your existing
environment and security is enabled for multiple nodes, you can migrate to
WebSphere Application Server, Version 6.1.
On the deployment manager (Host1),
copy the following files from the existing directory to a comparable directory
in Version 6.1: %WAS_HOME%\java\jre\PDPerm.properties
%WAS_HOME%\java\jre\lib\security\PdPerm.ks
%WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
%WAS_HOME%\java\jre\PolicyDirector\PD.properties
%WAS_HOME%\java\jre\PolicyDirector\PDJLog.properties
On the deployment manager, edit the PD.properties file
and change the following configuration settings: pd-home=C\:\\Program
Files\\WebSphere\\DeploymentManager\\java\\jre\\PolicyDirector
pdvar-home=C\:\\Program
Files\\WebSphere\\DeploymentManager\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre
Make
the appropriate changes to point to your Tivoli Access Manager Policy Server,
for example: pd-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
pdvar-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
On the deployment manager, edit the PdPerm.properties file,
and change all path names to the correct path name. Change the following configuration
settings: pdvar-home=C\:\\Program
Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program
Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
pdcert-url=file\:/c\:/progra~1/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program
Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
pd-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre
On the deployment manager (Host1),
copy the profile_root1/PolicyDirector directory and it's
contents to profile_root2/PolicyDirector. For
this example:
- profile_root1 is the root directory of the profile being migrated.
- profile_root2 is the root directory of the version 6.1 profile.
- From an i5/OS command line, type STRQSH and press Enter.
- Type cp -R profile_root1/PolicyDirector profile_root2 and
press Enter.
On the deployment manager, copy the key file
of the profile being migrated to the version 6.1 profile. The location
of the key file is defined in profile_root1/PolicyDirector/PdPerm.properties.
For this example:
- The PdPerm.properties file contains pdcert-url=file\:/QIBM/UserData/WebAS51/ND/Dmgr01/etc/Dmgr01.kdb..
- /QIBM/UserData/WebAS51/ND/Dmgr01 is the root directory
of a Version 5.1 profile.
- From an i5/OS command line type STRQSH and press Enter.
- Type cp /QIBM/UserData/WebAS51/ND/Dmgr01/etc/Dmgr01.kdb
profile_root2/etc/Dmgr01.kdb and press Enter.
On the deployment manager, edit the property
values in profile_root2/PolicyDirector/PdPerm.properties and
in profile_root2/PolicyDirector/Pd.properties to replace
occurrences of profile_root1 with profile_root2 in
the file path name values.
- Start the WebSphere Application Server deployment manager.
On Host2, copy the following
missing files from the existing directory to a comparable directory in Version
6.1: %WAS_HOME%\java\jre\PDPerm.properties
%WAS_HOME%\java\jre\lib\security\PdPerm.ks
%WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
On Host2, edit the PD.properties file
and change the following configuration setting: appsvr-plcysvrs=null\:0:\:1
Make
the appropriate changes to point to your Tivoli Access Manager Policy Server,
for example:appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
On Host2, edit the PD.properties file,
and change all path names to the correct path name. Change the following
configuration settings: pdvar-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
pd-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
config_type=standalone
On Host2, copy the profile_root1/PolicyDirector directory
and it's contents to profile_root2/PolicyDirector.
For this example:
- profile_root1 is the root directory of the profile being migrated.
- profile_root2 is the root directory of the version 6.1 profile.
- From an i5/OS command line, type STRQSH and press Enter.
- Type cp -R profile_root1/PolicyDirector profile_root2 and
press Enter.
On Host2, copy the key file
of the profile being migrated to the version 6.1 profile. The location
of the key file is defined in profile_root1/PolicyDirector/PdPerm.properties.
For this example:
- The PdPerm.properties file contains pdcert-url=file\:/QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb.
- /QIBM/UserData/WebAS51/Base/AppSvr1 is the root directory
of a Version 5.1 profile.
- From an i5/OS command line type STRQSH and press Enter.
- Type cp /QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb
profile_root2/etc/AppSvr1.kdb and press Enter.
On Host2, edit the property
values in profile_root2/PolicyDirector/PdPerm.properties and
in profile_root2/PolicyDirector/Pd.properties to replace
occurrences of profile_root1 with profile_root2 in
the file path name values.
- On Host2, start the node agent and its associated
application server.
Host3, copy the following
missing files from the existing directory to a comparable directory in Version
6.1: %WAS_HOME%\java\jre\PDPerm.properties
%WAS_HOME%\java\jre\lib\security\PdPerm.ks
%WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
On Host3, edit the PD.properties file
and change the following configuration setting: appsvr-plcysvrs=null\:0:\:1
Make
the appropriate changes to point to your Tivoli Access Manager Policy Server,
for example:appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
On Host3, edit the PdPerm.properties file,
and change all path names to the correct path name. Change the following
configuration settings: pdvar-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
pd-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
config_type=standalone
On Host3, copy the profile_root1/PolicyDirector directory
and it's contents to profile_root2/PolicyDirector.
For this example:
- profile_root1 is the root directory of the profile being migrated.
- profile_root2 is the root directory of the version 6.1 profile.
- From an i5/OS command line, type STRQSH and press Enter.
- Type cp -R profile_root1/PolicyDirector profile_root2 and
press Enter.
On Host3, copy the key file
of the profile being migrated to the version 6.1 profile. The location
of the key file is defined in profile_root1/PolicyDirector/PdPerm.properties.
For this example:
- The PdPerm.properties file contains pdcert-url=file\:/QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb.
- /QIBM/UserData/WebAS51/Base/AppSvr1 is the root directory
of a Version 5.1 profile.
- From an i5/OS command line type STRQSH and press Enter.
- Type cp /QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb
profile_root2/etc/AppSvr1.kdb and press Enter.
On Host3, edit the property
values in profile_root2/PolicyDirector/PdPerm.properties and
in profile_root2/PolicyDirector/Pd.properties to replace
occurrences of profile_root1 with profile_root2 in
the file path name values.
- On Host3, start the node agent and its associated
application server.