6.2 To Migrate Access Manager Appliance

Prerequisites:

  • Before starting the migration progress, ensure the following points:

  • Take a backup of the primary Administration Console which is on 4.5.x by using the ambkup.sh script. You will get a.zip file with the backup data. Copy this zip file to the 5.0.1 server prior to running the sb_migrate.sh script. The migration script asks for the path to this file as part of the migration process.

  • From Access Manager Appliance 5.0 Service Pack 1 Patch 2 onwards, if you have installed Analytics Dashboard, following the below procedure before migration.

    1. Stop the Administration Console service.

    2. Replace the appcore.jar file at /opt/novell/nam/adminconsole/webapps/roma/WEB-INF/lib in the Admin console [Primary Access Manager Appliance 4.5.x] for the release that you want to upgrade from, such as Access Manager 4.5.2, 4.53, 4.5.4, or 4.5.5.

      NOTE:You must replace the appcore.jar only if Analytics Server is installed in Access Manager.

    3. Restart the Administration Console service.

    4. Install Access Manager Appliance 5.0 Service Pack 1 Patch 2 as a secondary node.

Perform the following steps to migrate Access Manager Appliance:

  1. Switch off the primary VM which is on 4.5x.

  2. Run the /tmp/NAM5.0.1/sb_migrate.sh script.

    At the secondary Access Manager Appliance, log in as root.

  3. Enter Y when prompted to confirm if you would like to continue with the migration.

    Would you like to continue (y/n)?

  4. Enter 1 when prompted to select the replica number.

    Select a replica to display an options menu. Enter a replica number(1-1)?
Total number of replicas = 1
PARTITION NAME                            REPLICA TYPE    REPLICA STATE
(1).[Root].                               Read/Write      On
Enter 'q' to escape the operation.

  5. Specify the replica option 5 from the list of 15 options. This option designates the selected server as the new master replica.

  6. Specify I Agree when prompted with This option will designate this server as the new master replica.

  7. Specify the DN of the admin user in the leading dot notation. For example, .admin.novell

  8. Specify the password.

  9. Specify 1 to specify Root to the prompt.

    This list shows information for each replica stored on this server. Select a replica to display an options menu. 
PARTITION NAME        REPLICA TYPE    REPLICA STATE
(1).[Root].                         Master          On

  10. Specify 10 from the 0-15 replica options to view the Replica Ring.

  11. Select the relevant server number. In the following example, (1) is applicable.

    Finding all servers with replicas
Please Wait...
Replicas Of Partition: .[Root].
Total number of servers in the replica ring = 2
SERVER NAME                           REPLICA TYPE     REPLICA STATE
(1).lakhil_sb.novell                      Read/Write      On
(2).ntsdemo.novell                        Master          On
(3)Return to Replica Options
Enter 'q' to escape the operation.

  12. Specify 6 to remove the primary server from the following Server Options:

                 SERVER OPTIONS
1. Report synchronization status on the selected server
2. Synchronize the replica on the selected server
3. Send all objects to every replica in the ring
4. Receive all objects from the master to this replica
5. View entire servers name
6. Remove this server from replica ring
7. Return to Server List
Enter 'q' to escape the operation

  13. Specify the DN of the admin user in the leading dot notation. For example, .admin.novell

  14. Specify the password.

    You can see the message: The server has been removed from the ring.

  15. Specify the location of the backup file with absolute path. For example, SLES10/root/a.txt

  16. Specify the password for decrypting the backup data.

  17. Re-enter the password for verification.

    After verifying the encrypted password and restoring the certificates, the Access Manager Configuration Backup Utility terminal is displayed.

  18. Specify the Access Manager Administration password.

  19. Re-enter the password for verification.

  20. After the certificates are restored, enter the Access Manager Administration user ID.

  21. Specify the Access Manager Administration password.

  22. Re-enter the password for verification.

  23. On the Home page, click Access Gateways.

  24. If the old primary Appliance's Access Gateway is the primary server (shows the red icon next to it), then change the primary Access Gateway server.

    1. Click [Access Gateway cluster name] > Edit.

    2. Select a different primary Access Gateway > click OK > Close.

      Ignore any trust store related warnings.

    3. Click Update All.

      Wait until the status becomes current for all except the old primary Appliance.

  25. On the Home page, click Troubleshooting.

  26. In Other Known Device Manager Servers, select the old primary Access Manager Appliance and click Remove.

  27. Remove traces of the old primary Access Manager Appliance from the configuration datastore:

    1. In the Access Manager menu bar, select View Objects.

    2. In the Tree view, select novell.

    3. Delete all objects that reference the old primary Access Manager Appliance.

      You should find the following types of objects:

      • SAS Service object with the hostname of the old primary console

      • Any object that starts with the last octet of the IP address of the old primary console

      • LDAP server object with the hostname of the old primary console

      • LDAP group object with the hostname of the old primary console

      • SNMP Group object with the hostname of the old primary console

      • HTTP Server object with the hostname of the old primary console

      • DNS AG object with the hostname of the old primary console

      • DNS EC AG object with the hostname of the old primary console

      • DNS IP object with the hostname of the old primary console

      • SSL CertificateDNS with the hostname of the old primary console

      • SSL EC CertificateDNS with the hostname of the old primary console

      • SSL CertificateIP with the hostname of the old primary console

      • IP AG object with the hostname of the old primary console

      • IP EC AG object with the hostname of the old primary console

      • NCP server object with the hostname of the old primary console

      • PS object with the hostname of the old primary console

  28. (Optional) Go to the user store that displays 4.5.x VM IP that was earlier primary machine and replace that with the new primary machine’s IP. The health status of Identity Server will change to green.

    NOTE:This step is required only if you are using the primary server as the user store in your environment.