When Tivoli® Access
Manager security is configured for your existing environment and security
is enabled for multiple nodes, you can migrate to WebSphere® Application Server, Version 8.0.
Before you begin
Your profiles must be migrated using the migration tools
to migrate product configurations.
Important: Do not
restart the WebSphere Application Server Version 8.0 server until after
performing the following procedure. The migration tools omit some
files that enable the server to start correctly.
About this task
After migrating your profiles, additional steps are required
when Tivoli Access Manager
security is configured.
For transitioning users: WebSphere Application Server Version 8.0
hosts Tivoli Access Manager
specific files under the
%WAS_HOME%/tivoli/tam directory.
In previous versions, these files were hosted under the
%WAS_HOME%/java/jre/ hierarchy.
trns
Note: In the following steps, %WASX% refers
to the installation root of the source WebSphere Application Server product, and %WAS8% refers
to the installation root of the target WebSphere Application Server product (the
Version 8.0 installation root).
Migration
in a multi-node environment involves migrating individual nodes, starting
with the deployment manager. The following procedure discuss both
the overall migration steps and the host-specific migration steps.
Procedure
- For the overall migration steps, do
the following:
- On the deployment manager (host1) perform
the host specific migration steps as described in step 2 below.
- Start the deployment manager.
- For each of the application server node/hosts (such
as host2, host3 and so on), do the
following:
- Perform the host specific migration steps as described in step
2 below.
- Start the node-agent and associated application server on the
respective host.
- For the host specific migration steps,
do the following:
- Copy the following files from the source location to
the target location:
Table 1. Files to copy from the
source location to the target location. Files to copy
from the source location to the target location
Source Location |
Target Location |
%WASX%\java\jre\PDPerm.properties |
%WAS8%\tivoli\tam\PDPerm.properties |
%WASX%\java\jre\lib\security\PdPerm.ks (if
found) |
%WAS8%\tivoli\tam\lib\security\PdPerm.ks |
%WASX%\java\jre\lib\PdPerm.ks (if
found) |
%WAS8%\tivoli\tam\PdPerm.ks |
%WASX%\java\jre\PolicyDirector\PDCA.ks |
%WAS8%\tivoli\tam\PolicyDirector\PDCA.ks |
%WASX%\java\jre\PolicyDirector\PD.properties |
%WAS8%\tivoli\tam\PolicyDirector\PD.properties |
%WASX%\java\jre\PolicyDirector\etc\pdjrte_paths |
%WAS8%\tivoli\tam\PolicyDirector\etc\pdjrte_paths |
%WASX%\java\jre\PolicyDirector\etc\pdjrte_mapping |
%WAS8%\tivoli\tam\PolicyDirector\etc\pdjrte_mapping |
- Edit the PD.properties file, and change the
following configuration settings:
appsvr-plcysvrs=null\:0:\:1
config_type=standalone
Make the appropriate changes to
point to your Tivoli Access
Manager Policy Server, for example:appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
config_type=full
- Edit the following four files on the target system and
make sure that all of the path references are corrected:
- %WAS8%/tivoli/tam/PdPerm.properties
- %WAS8%/tivoli/tam/PolicyDirector/PD.properties
- %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_paths
- %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_mapping
When you correct the paths, complete the following steps
in order:
- Ensure that all references from %WASX%/java/jre/PolicyDirector are
changed to %WAS8%/tivoli/tam/PolicyDirector.
- Ensure that all references (in the PdPerm.properties file)
from the%WASX%/java/jre/[security]/PdPerm.ks file
are changed to %WAS8%/tivoli/tam/pdPerm.ks.
- Ensure that all remaining references from %WASX%/java/jre are
changed to %WAS8%/java/jre.
- Edit the %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_mapping file.
It contains the JRE->JRE mapping: %WAS8%/java/jre=%WAS8%/java/jre.
Change
this mapping to JRE->tivoli/tam:
%WAS8%/java/jre=%WAS8%/tivoli/tam.
What to do next
Also see Migrating with Tivoli Access
Manager for authentication enabled on a single node for more information.