When Tivoli® Access
Manager security is configured for your existing environment and security
is enabled for multiple nodes, you can migrate to WebSphere® Application Server, Version 8.5.
Before you begin
Your profiles must be migrated using the migration tools
to migrate product configurations.
Important: Do not
restart the WebSphere Application Server Version 8.5 server until after
performing the following procedure. The migration tools omit some
files that enable the server to start correctly.
About this task
After migrating your profiles, additional steps are required
when Tivoli Access Manager
security is configured.
Note: WebSphere Application
Server Version 8.0 and above hosts Tivoli Access
Manager specific files under the %WAS_HOME%/tivoli/tam directory.
In previous versions, these files were hosted under the %WAS_HOME%/java/jre/ hierarchy.
Procedure
On the deployment manager (Host1),
copy the profile_root1/PolicyDirector directory
and it's contents to profile_root2/PolicyDirector.- From an IBM® i
command line, type STRQSH and press Enter.
- Type cp -R profile_root1/PolicyDirector profile_root2 and
press Enter.
On the deployment manager, copy the
key file of the profile being migrated to the version 6.1 profile. The location of the key file is defined in profile_root1/PolicyDirector/PdPerm.properties.
For this example: - The PdPerm.properties file contains pdcert-url=file\:/QIBM/UserData/WebAS51/ND/Dmgr01/etc/Dmgr01.kdb..
- /QIBM/UserData/WebAS51/ND/Dmgr01 is the root
directory of a Version 6.1 profile.
- From an IBM i
command line type STRQSH and press Enter.
- Type cp /QIBM/UserData/WebAS51/ND/Dmgr01/etc/Dmgr01.kdb
profile_root2/etc/Dmgr01.kdb and press Enter.
On the deployment manager, edit the
property values in profile_root2/PolicyDirector/PdPerm.properties and
in profile_root2/PolicyDirector/Pd.properties to
replace occurrences of profile_root1 with profile_root2 in
the file path name values.
Start the WebSphere Application Server deployment manager.
On Host2, copy the profile_root1/PolicyDirector directory
and it's contents to profile_root2/PolicyDirector.- From an IBM i
command line, type STRQSH and press Enter.
- Type cp -R profile_root1/PolicyDirector profile_root2 and
press Enter.
On Host2, copy the
key file of the profile being migrated to the version 6.1 profile. The location of the key file is defined in profile_root1/PolicyDirector/PdPerm.properties.
For this example: - The PdPerm.properties file contains pdcert-url=file\:/QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb.
- /QIBM/UserData/WebAS51/Base/AppSvr1 is the
root directory of a Version 6.1 profile.
- From an IBM i
command line type STRQSH and press Enter.
- Type cp /QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb
profile_root2/etc/AppSvr1.kdb and press Enter.
On Host2, edit the
property values in profile_root2/PolicyDirector/PdPerm.properties and
in profile_root2/PolicyDirector/Pd.properties to
replace occurrences of profile_root1 with profile_root2 in
the file path name values.
On Host2, start the
node agent and its associated application server.
On Host3, copy the profile_root1/PolicyDirector directory
and it's contents to profile_root2/PolicyDirector.- From an IBM i
command line, type STRQSH and press Enter.
- Type cp -R profile_root1/PolicyDirector profile_root2 and
press Enter.
On Host3, copy the
key file of the profile being migrated to the version 6.1 profile. The location of the key file is defined in profile_root1/PolicyDirector/PdPerm.properties.
For this example: - The PdPerm.properties file contains pdcert-url=file\:/QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb.
- /QIBM/UserData/WebAS51/Base/AppSvr1 is the
root directory of a Version 6.1 profile.
- From an IBM i
command line type STRQSH and press Enter.
- Type cp /QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb
profile_root2/etc/AppSvr1.kdb and press Enter.
On Host3, edit the
property values in profile_root2/PolicyDirector/PdPerm.properties and
in profile_root2/PolicyDirector/Pd.properties to
replace occurrences of profile_root1 with profile_root2 in
the file path name values.
On Host3, start the
node agent and its associated application server.
What to do next
Also see Migrating with Tivoli Access
Manager for authentication enabled on a single node for more information.