Migrating, coexisting, and interoperating – Security considerations

Use this topic to migrate the security configuration of previous WebSphere® Application Server releases and its applications to the new installation of WebSphere Application Server.

Before you begin

This information addresses the need to migrate your security configurations from a previous release of IBM® WebSphere Application Server to WebSphere Application Server 8.0. Complete the following steps to migrate your security configurations:

  • If security is enabled in the previous release, obtain the administrative server ID and password of the previous release. This information is needed in order to run certain migration jobs.
  • You can optionally disable security in the previous release before migrating the installation. No logon is required during the installation.
Note: In WebSphere Application Server Version 8.0, be aware of the following additional migration requirements for security:
  • When migrating from WebSphere Application Server Version 7.x to Version 8.0, if you have a business need to preserve security audit logs from the older release you must first archive the security audit log files in Version 7.x. WebSphere Application Server does not support the migration of security audit log files from the older release to Version 8.0.
  • If your WebSphere Application Server Version 7.x environment is enabled for Kerberos, and you are migrating to version 8.0 on a different machine, the keytab and configuration files for Kerberos must be at the same location on the Version 8.0 machine as on the Version 7.x machine or the configuration will not work.

Procedure

Follow the steps in "Migrating product configurations".

Results

The security configuration of previous WebSphere Application Server releases and its applications are migrated to the new installation of WebSphere Application Server Version 8.0.

What to do next

You must migrate any custom class files that are not migrated.

If the previous version instance is configured to enable secure connections using digital certificates that are signed by the Digital Certificate Manager (DCM) local certificate authority, those certificates must be renewed. For example, they must be renewed for the previous version instance, the WebSphere Application Server Version 8.0 profile, and all of the Secure Socket Layer-enabled clients and servers that connect to WebSphere Application Server. For more information, see SSL handshake failure using digital certificates signed by a Digital Certificate Manager (DCM) local certificate authority.

IBM i *SYSTEM certificate stores for applications are deprecated in WebSphere Application Server Version 5. In WebSphere Application Server Version 8.0, you must migrate your applications to use Java keystores.




In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Jan 30, 2014 9:17:32 AM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-nd-iseries&topic=tsecmigrate
File name: tsec_migrate.html