24.3.3 Migrating Access Gateway

  1. (When using the existing IP address) Note down the IP address and hostname of 4.5.x Access Gateway on the Windows machine.

  2. (When using the existing IP address) Switch of the Windows machine on which 4.5.x Access Gateway is installed.

  3. (When using the existing IP address) On the RHEL machine, change the IP address and hostname.

    1. Go to /etc/sysconfig/network-scripts/.

    2. Open the ifcfg-Profile_1 file and change the IP address to the IP address that you noted in Step 1.

    3. Open the /etc/hosts file and change the IP address and hostname to the IP address and hostname that you noted in Step 1.

    4. Open the /etc/hostname file and change the hostname to the hostname you noted in Step 1.

    5. Reboot the machine.

    6. SSH to the RHEL machine with the changed IP address.

  4. On the RHEL machine, download the installer file from Micro Focus Downloads, extract the tar.gz file by using the tar -xzvf <filename> command, and change to the novell-access-manager directory.

  5. At the command prompt, run ./ag_install.sh.

  6. Review and accept the License Agreement.

  7. (Optional) Specify the local NAT IP address if the local NAT is available for Access Gateway.

  8. Specify the IP address, user ID, and password of the migrated Administration Console.

  9. (When using the existing IP address)Specify the existing IP address of Access Gateway that you noted in Step 1.

    (When using a new IP address)Specify the IP address of Access Gateway.

  10. Go to the migrated Administration Console and verify whether this Access Gateway is added.

  11. Add the newly installed Access Gateway to the existing Access Gateway cluster.

    For more information, see Access Gateways Clusters in the NetIQ Access Manager 5.0 Administration Guide.

    The cluster object stores all the existing Access Gateway configurations. The newly added Access Gateway inherits these configurations.

  12. Convert the newly added Access Gateway node to the master node.

    1. Click Devices > Access Gateways > [Name of Cluster] > Edit.

    2. In the Primary Server list, select Access Gateway and click OK.

  13. Delete the older Access Gateway on Windows.

  14. (When using the existing IP address) Perform the following steps on the Administration Console RHEL machine:

    1. Run sh scripts/migrate_post_ag.sh.

    2. Specify the username and password of the Administration Console administrator.

    3. Restart Access Gateway by running the /etc/init.d/novell-appliance restart command.

    4. Restart Administration Console by running the /etc/init.d/novell-ac restart command.

  15. Restore customized files from the backup taken earlier. To restore files, add files by using Advanced File Configurator to the locations listed in the following table.

    For information about how to add files by using Advanced File Configurator, see Adding Configurations to a Cluster in the NetIQ Access Manager 5.0 Administration Guide.

    Location on Windows

    Location on RHEL

    C:\Program Files\Novell\Tomcat\conf\web.xml

    /opt/novell/nam/mag/conf/web.xml

    C:\Program Files\Novell\Tomcat\webapps\nesp\WEB-INF\web.xml

    /opt/novell/nam/mag/webapps/nesp/WEB-INF/web.xml

    C:\Program Files\Novell\Tomcat\webapps\nesp\jsp

    /opt/novell/nam/mag/webapps/nesp/jsp

    C:\Program Files\Novell\Tomcat\webapps\nesp\html

    /opt/novell/nam/mag/webapps/nesp/html

    C:\Program Files\Novell\Tomcat\webapps\nesp\images

    /opt/novell/nam/mag/webapps/nesp/images

    C:\Program Files\Novell\Tomcat\webapps\agm\WEB-INF\config\current

    /opt/novell/nam/mag/webapps/agm/WEB-INF/config/current

    C:\Program Files\Novell\Tomcat\webapps\nesp\config

    /opt/novell/nam/mag/webapps/nesp/config

Repeat these steps to add other Access Gateways to the Access Gateway cluster.

IMPORTANT:When you configure more than 60 proxy services, Apache fails to start. RHEL has 128 semaphore arrays by default, which is inadequate for more than 60 proxy services. Apache 2.4 requires a semaphore array for each proxy service.

You must increase the number of semaphore arrays depending on the number of proxy services you are going to use. Perform the following steps to increase the number of semaphore arrays to the recommended value:

  1. Open /etc/sysctl.conf.

  2. Add kernel.sem = 250 256000 100 1024

    This creates the following:

    Maximum number of arrays = 1024 (number of proxy services x 2)

    Maximum semaphores per array = 250

    Maximum semaphores system-wide = 256000 (Maximum number of arrays x Maximum semaphores per array)

    Maximum ops per semop call = 100

  3. Use the sysctl -p command to update changes.

  4. Start Apache.