6.2 To Migrate Access Manager Appliance

Prerequisites:

  • Ensure that the health indicators of the primary server on version 4.5.x are green, and add the 5.0.1 node as the secondary node.

    For more information about adding the secondary node, see Section 2.2, Installing Access Manager Appliance.

  • Take a backup of the primary Administration Console, which is on 4.5.x, by using the ambkup.sh script located at /opt/novell/devman/bin. The script produces a .zip file that contains the backup data. Copy this .zip file to the 5.0.1 server before running the sb_migrate.sh script. The migration script asks for the path to this file as part of the migration process.

  • (Conditional) From Access Manager Appliance 5.0 Service Pack 1 Patch 2 onwards, if you have installed Analytics Dashboard, complete the following procedure before migration.

    1. Stop the Administration Console service.

    2. Replace the appcore.jar file at /opt/novell/nam/adminconsole/webapps/roma/WEB-INF/lib in the Administration Console (primary Access Manager Appliance 4.5.x) for the release that you want to upgrade from, such as Access Manager 4.5.2, 4.5.3, 4.5.4, or 4.5.5.

      NOTE: You must replace the appcore.jar file only if Analytics Server is installed in Access Manager.

    3. Restart the Administration Console service.

    4. Install Access Manager Appliance 5.0 Service Pack 1 Patch 2 as a secondary node.
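
A pre-flight check for the copied backup archive, run on the 5.0.1 server before sb_migrate.sh. This is an added example, not part of Access Manager: check_backup is a hypothetical helper, and the owner-only permission check and the SHA-256 value recorded on the 4.5.x server are assumptions.

```sh
#!/bin/sh
# Added example: verify the ambkup.sh archive after copying it to the 5.0.1 server.
# check_backup and its arguments are hypothetical, not an Access Manager tool.

# check_backup <absolute-path> <sha256 recorded on the 4.5.x server>
# Prints one line per failed check; returns 0 only if every check passes.
check_backup() {
    f=$1 want=$2 rc=0
    case $f in
        /*) ;;
        *) echo "FAIL: path is not absolute (the migration script expects an absolute path)"; rc=1 ;;
    esac
    if [ ! -f "$f" ] || [ ! -s "$f" ]; then
        echo "FAIL: $f is missing, empty or not a regular file"
        return 1
    fi
    # A zip archive starts with the bytes 'P' 'K' (0x50 0x4b).
    magic=$(od -An -tx1 -N2 "$f" | tr -d ' \n')
    [ "$magic" = "504b" ] || { echo "FAIL: not a zip archive (truncated or wrong file)"; rc=1; }
    # Assumption: the archive holds configuration and certificates, so it
    # should carry no group/other permission bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: group/other can access the archive ($perms)"; rc=1; }
    # Compare with the digest taken on the old server right after ambkup.sh finished.
    got=$(sha256sum "$f" | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "FAIL: SHA-256 differs from the recorded value"; rc=1; }
    return $rc
}

# Constructed sample: a stand-in file, not a real backup.
demo_dir=$(mktemp -d)
demo_zip=$demo_dir/sample_backup.zip
printf 'PK\003\004constructed-sample' > "$demo_zip"
chmod 600 "$demo_zip"
demo_sum=$(sha256sum "$demo_zip" | cut -d' ' -f1)
check_backup "$demo_zip" "$demo_sum" && echo "OK: archive ready for sb_migrate.sh"
rm -rf "$demo_dir"
```
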

To migrate Access Manager Appliance, the administrator must perform steps on the VM as well as on the secondary Access Manager Appliance Administration Console. Perform the following steps on the VM:

  1. Switch off the primary VM which is on 4.5.x.

  2. Log in as root at the secondary Access Manager Appliance and run the /tmp/NAM5.0.1/sb_migrate.sh script. Enter Y when prompted to confirm.

  3. Enter 1 when prompted to select the replica number.

    Select a replica to display an options menu. Enter a replica number(1-1)?
    Total number of replicas = 1
    PARTITION NAME                            REPLICA TYPE    REPLICA STATE
    (1).[Root].                               Read/Write      On
    Enter 'q' to escape the operation.

  4. Specify the replica option 5 from the list of 15 options and select I Agree when prompted. This option designates the selected server as the new master replica.

  5. Specify the DN of the admin user in the leading dot notation. For example, .admin.novell. Specify the password.

  6. Specify 1 at the prompt to select Root.

    This list shows information for each replica stored on this server. Select a replica to display an options menu. 
    PARTITION NAME        REPLICA TYPE    REPLICA STATE
    (1).[Root].                         Master          On

  7. Specify 10 from the 0-15 replica options to view the Replica Ring.

  8. Select the relevant server number. In the following example, (1) is applicable.

    Finding all servers with replicas
    Please Wait...
    Replicas Of Partition: .[Root].
    Total number of servers in the replica ring = 2
    SERVER NAME                           REPLICA TYPE     REPLICA STATE
    (1).lakhil_sb.novell                      Read/Write      On
    (2).ntsdemo.novell                        Master          On
    (3)Return to Replica Options
    Enter 'q' to escape the operation.

  9. Specify 6 to remove the primary server from the following Server Options:

                 SERVER OPTIONS
    1. Report synchronization status on the selected server
    2. Synchronize the replica on the selected server
    3. Send all objects to every replica in the ring
    4. Receive all objects from the master to this replica
    5. View entire servers name
    6. Remove this server from replica ring
    7. Return to Server List
    Enter 'q' to escape the operation

  10. Specify the DN of the admin user in the leading dot notation. For example, .admin.novell. Specify the password.

    You can see the message: The server has been removed from the ring.

  11. Specify the absolute path of the backup file. For example, /root/nambkup/sb452_20230316_1532.zip

  12. (Conditional) Specify the password for decrypting the backup data. Re-enter the password for verification.

    After verifying the encrypted password and restoring the certificates, the Access Manager Configuration Backup Utility terminal is displayed.

  13. Specify the Access Manager Administration password. Re-enter the password for verification.

  14. After the certificates are restored, enter the Access Manager Administration Console user ID.

  15. Specify the Access Manager Administration Console password. Re-enter the password for verification.

    NOTE: The administrator must wait for the migration script to complete. The completion status is displayed on the terminal.

Perform the following steps on the 5.0.1 Administration Console:

  1. Log in to the new Administration Console in a web browser and click Access Gateways.

  2. If the old primary Appliance's Access Gateway is the primary server (shows the red icon next to it), then change the primary Access Gateway server.

    1. Click [Access Gateway cluster name] > Edit.

    2. Select a different primary Access Gateway > click OK > Close.

      Ignore any trust store related warnings.

    3. Click Update All.

      Wait until the status becomes current for all except the old primary Appliance.

  3. Click Troubleshooting.

  4. In Other Known Device Manager Servers, select the old primary Access Manager Appliance and click Remove.

  5. Remove traces of the old primary Access Manager Appliance from the configuration datastore:

    1. In the Access Manager menu bar, select View Objects.

    2. In the Tree view, select novell.

    3. Delete all objects that reference the old primary Access Manager Appliance.

      You should find the following types of objects:

      • SAS Service object with the hostname of the old primary console

      • Any object that starts with the last octet of the IP address of the old primary console

      • LDAP server object with the hostname of the old primary console

      • LDAP group object with the hostname of the old primary console

      • SNMP Group object with the hostname of the old primary console

      • HTTP Server object with the hostname of the old primary console

      • DNS AG object with the hostname of the old primary console

      • DNS EC AG object with the hostname of the old primary console

      • DNS IP object with the hostname of the old primary console

      • SSL CertificateDNS with the hostname of the old primary console

      • SSL EC CertificateDNS with the hostname of the old primary console

      • SSL CertificateIP with the hostname of the old primary console

      • IP AG object with the hostname of the old primary console

      • IP EC AG object with the hostname of the old primary console

      • NCP server object with the hostname of the old primary console

      • PS object with the hostname of the old primary console

  6. (Optional) Go to the user store that displays the IP address of the 4.5.x VM that was earlier the primary machine, and replace it with the new primary machine’s IP address. The health status of Identity Server will change to green.

    NOTE: This step is required only if you are using the primary server as the user store in your environment.
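
To help with step 5 of the Administration Console procedure, the following added example (not part of Access Manager) lists the object names that match the two rules given there: names that start with the last octet of the old IP address, and names that contain the old hostname. find_stale_objects is a hypothetical helper, the object names and the 192.0.2.x addresses are constructed samples, and the hostname is assumed to be the short name; deletion itself remains a manual action in View Objects.

```sh
#!/bin/sh
# Added example: list object names that refer to the old primary console.
# find_stale_objects is a hypothetical helper; it reads names on stdin, one per line.

# find_stale_objects <old-short-hostname> <old-ip>
find_stale_objects() {
    awk -v host="$1" -v ip="$2" '
        BEGIN {
            host = tolower(host)
            n = split(ip, part, ".")
            octet = part[n]                  # last octet of the old IP address
        }
        {
            name = tolower($0)
            # Rule 1: name starts with the last octet (45 matches "45_x", not "451_x").
            hit = (octet != "" && name ~ ("^" octet "([^0-9]|$)"))
            # Rule 2: hostname appears as a whole token, so "nam-old" does not
            # match "nam-older" and objects of the new server are never listed.
            m = split(name, tok, /[^a-z0-9_-]+/)
            for (i = 1; i <= m && !hit; i++)
                if (tok[i] == host) hit = 1
            if (hit) print $0
        }'
}

# Constructed sample names; real names come from the View Objects tree.
sample_objects() {
    cat <<'EOF'
SAS Service - nam-old
SAS Service - nam-new
LDAP Server - nam-old
45_cluster_member
451_unrelated
SSL CertificateDNS - nam-older
IP AG 192.0.2.46 - nam-new
EOF
}

sample_objects | find_stale_objects nam-old 192.0.2.45
```

Review the listed names against the object types in step 5 before deleting anything, because objects of the new primary must stay in place.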