When Tivoli® Access
Manager security is configured for your existing environment and security
is enabled for a single node, you can migrate to WebSphere® Application Server, Version 7.0.
Before you begin
Your profiles must be migrated using the migration tools to migrate
product configurations.
Important: Do not restart the WebSphere Application Server Version 7.0 server until after performing the following procedure.
The migration tools omit some files that enable the server to start correctly.
About this task
After migrating your profiles additional steps are required when Tivoli Access
Manager security is configured.
Procedure
- Copy the following files from the existing
directory to the same directory for Version 7.0.
%WAS_HOME%\java\jre\PDPerm.properties
%WAS_HOME%\java\jre\lib\security\PdPerm.ks
%WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
- Edit the PD.properties file, and change
the following configuration settings:
appsvr-plcysvrs=null\:0:\:1
config_type=standalone
Make the appropriate changes to point to
your Tivoli Access
Manager Policy Server, for example:appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
config_type=full
- Edit the PdPerm.properties file, and
change all path names to the correct path name. Change the following configuration
settings:
pdvar-home=C\:\\Program
Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program
Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
pdcert-url=file\:/c\:/progra~1/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program
Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
pd-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre
- Copy the profile_root1/PolicyDirector directory
and it's contents to profile_root2/PolicyDirector.
For this example:
- profile_root1 is the root directory of the profile being migrated.
- profile_root2 is the root directory of the version 6.1 profile.
- From an IBM® i command line, type STRQSH and press Enter.
- Type cp -R profile_root1/PolicyDirector profile_root2 and
press Enter.
- Copy the key file of the profile being migrated
to the version 7.0 profile. The location of the key file is defined
in profile_root1/PolicyDirector/PdPerm.properties. For
this example:
- The PdPerm.properties file contains pdcert-url=file\:/QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb.
- /QIBM/UserData/WebAS51/Base/AppSvr1 is the root directory
of a Version 5.1 profile.
- From an IBM i command line type STRQSH and press Enter.
- Type cp /QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb
profile_root2/etc/AppSvr1.kdb and press Enter.
- Edit the property values in profile_root2/PolicyDirector/PdPerm.properties and
in profile_root2/PolicyDirector/Pd.properties to replace
occurrences of profile_root1 with profile_root2 in
the file path name values.
What to do next
Also see the migration information
with Tivoli Access
Manager for authentication that is enabled on multiple nodes with security
enabled.