When Tivoli® Access
Manager security is configured for your existing environment and security
is enabled for multiple nodes, you can migrate to WebSphere® Application Server, Version
6.1.
Before you begin
Important: Do not restart the WebSphere Application Server Version 7.0 servers until after performing the following procedure. The migration
tools omit some files that enable the server to start correctly.
About this task
After migrating your profiles, additional steps are required when Tivoli Access
Manager security is configured.
Procedure
- On the deployment manager (Host1),
copy the following files from the existing directory to a comparable directory
in Version 6.1:
%WAS_HOME%\java\jre\PDPerm.properties
%WAS_HOME%\java\jre\lib\security\PdPerm.ks
%WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
%WAS_HOME%\java\jre\PolicyDirector\PD.properties
%WAS_HOME%\java\jre\PolicyDirector\PDJLog.properties
- On the deployment manager, edit the PD.properties file
and change the following configuration settings:
pd-home=C\:\\Program
Files\\WebSphere\\DeploymentManager\\java\\jre\\PolicyDirector
pdvar-home=C\:\\Program
Files\\WebSphere\\DeploymentManager\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\WebSphere\\DeploymentManager\\java\\jre
Make
the appropriate changes to point to your Tivoli Access Manager Policy Server,
for example: pd-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
pdvar-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
- On the deployment manager, edit the PdPerm.properties file,
and change all path names to the correct path name. Change the following configuration
settings:
pdvar-home=C\:\\Program
Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program
Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
pdcert-url=file\:/c\:/progra~1/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program
Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
pd-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\WebSphere\\AppServer\\java\\jre
- Start the WebSphere Application Server deployment manager.
- On Host2, copy the following
missing files from the existing directory to a comparable directory in Version
6.1:
%WAS_HOME%\java\jre\PDPerm.properties
%WAS_HOME%\java\jre\lib\security\PdPerm.ks
%WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
- On Host2, edit the PD.properties file
and change the following configuration setting:
appsvr-plcysvrs=null\:0:\:1
Make
the appropriate changes to point to your Tivoli Access Manager Policy Server,
for example:appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
- On Host2, edit the PD.properties file,
and change all path names to the correct path name. Change the following
configuration settings:
pdvar-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
pd-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
config_type=standalone
- On Host2, start the node agent and its associated
application server.
- Host3, copy the following
missing files from the existing directory to a comparable directory in Version 7.0:
%WAS_HOME%\java\jre\PDPerm.properties
%WAS_HOME%\java\jre\lib\security\PdPerm.ks
%WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
- On Host3, edit the PD.properties file
and change the following configuration setting:
appsvr-plcysvrs=null\:0:\:1
Make
the appropriate changes to point to your Tivoli Access Manager Policy Server,
for example:appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
- On Host3, edit the PdPerm.properties file,
and change all path names to the correct path name. Change the following
configuration settings:
pdvar-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
baseGroup.PDJv1dugong-v2dugongMessageFileHandler.fileName=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__v1dugong-v2dugong.log
pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/PdPerm.ks
baseGroup.PDJv1dugong-v2dugongTraceFileHandler.fileName=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__v1dugong-v2dugong.log
pd-home=C\:\\Program
Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
config_type=standalone
- On Host3, start the node agent and its associated
application server.
What to do next
Also see the migration information with Tivoli Access Manager for authentication
that is enabled on a single nodes with security enabled.