Important: Before you upgrade and migrate user data, you must back up the entire hard drive image where the RSA Authentication Manager 7.0 replica instance is installed.
To prepare for migration on the replica instance:
1. Add Patch 7.0.4 to the RSA Authentication Manager 7.0 directory on the replica instance. This installs updated replication command line utilities to the
RSA Authentication Manager 7.0 utils directory. The patch can be downloaded from RSA SecurCare Online.
2. Create a utils-7.1 directory within the RSA Authentication Manager 7.0 directory on the primary instance in the same directory as the existing utils directory, and copy all of the files from DVD_Drive/auth_mgr/platform/ims/ ims-kit/utils to this directory.
3. Copy the wlclient.jar file from RSA_AM_HOME/appcore/server/lib to the utils-7.1/jars/thirdparty directory.
4. In the utils-7.1 directory, modify the rsaenv.cmd file. Do the following:
a. Verify that the following line exists in the file:
set JAVA_OPTIONS=%JAVA_OPTIONS%
-DMIGRATION_VERBOSE_MODE=true b. Edit the following values:
set BEA_HOME=@BEA_HOME set WL_HOME=@WL_HOME
set JAVA_OPTIONS=%JAVA_OPTIONS%
-Dweblogic.security.TrustKeyStore=@TRUST_KEY_STORE set JAVA_OPTIONS=%JAVA_OPTIONS%
-Dweblogic.security.CustomTrustKeyStoreFileName=@CUSTO M_TRUST_KEY_STORE
set JAVA_OPTIONS=%JAVA_OPTIONS%
-Dweblogic.security.SSL.trustedCAKeyStore=@CUSTOM_TRUS T_KEY_STORE
set CLU_USER=@CLU_USER
set RSA_IMS_HOME=@RSA_IMS_HOME set RSA_JAVA_HOME=@RSA_JAVA_HOME set PLATFORM_LIBS=@PLATFORM_LIBS
For example:
set BEA_HOME=C:\Program Files\RSA Security\RSA Authentication Manager\
set WL_HOME=C:\Program Files\RSA Security\RSA Authentication Manager\appcore
set WLS_HOME=%WL_HOME%\server set JAVA_OPTIONS=%JAVA_OPTIONS%
-Dweblogic.security.TrustKeyStore=CustomTrust
set JAVA_OPTIONS=%JAVA_OPTIONS%-Dweblogic.security.CustomT rustKeyStoreFileName=C:\Program Files\RSA Security\RSA Authentication Manager\jdk\jre\lib\security\cacerts set JAVA_OPTIONS=%JAVA_OPTIONS%
-Dweblogic.security.SSL.trustedCAKeyStore=C:\Program Files\RSA Security\RSA Authentication
Manager\jdk\jre\lib\security\cacerts set CLU_USER=qeuser
set RSA_IMS_HOME=C:\Program Files\RSA Security\RSA Authentication Manager\
set RSA_JAVA_HOME=C:\Program Files\RSA Security\RSA Authentication Manager\jdk
set PLATFORM_LIBS=win32-x86 5. Generate the classpath.jar file.
a. Change directories to RSA_AM_HOME/utils-7.1.
b. Type:
rsautil generate-classpath
6. Export the managed secrets from RSA Authentication Manager 7.0 to a file named secrets.prop:
a. On the primary instance, change directories to RSA_AM_HOME/utils.
b. Type:
rsautil manage-secrets --action export --file etc\secrets.prop --file-password file_password where:
• secrets.prop is the name of the managed secrets file.
• file_password is the password for opening the managed secrets file.
7. Copy the secrets.prop file from the utils/etc directory to the utils-7.1/etc directory.
8. In the utils-7.1/etc directory, modify the jndi.properties file. Set the following:
a. The Authentication Manager server hostname (FQN):
RSA Authentication Manager 7.1 Installation and Configuration Guide
98 8: Upgrading from RSA Authentication Manager 7.0
c. The database server name:
com.rsa.db.instance=database_server_name d. The database domain:
com.rsa.db.domain=database_domain (for example, ims.rsa) e. The Oracle home location (Oracle only):
com.rsa.db.oracle.home=Oracle_installation_directory (for example, RSA_AM_HOME/db)
Note: On Windows, use double slashes (\\) and if there are spaces in the directory, use the short name notation.
9. Import the managed secrets from the secrets.prop file that you created in step 6 to utils-7.1:
a. On the primary instance, change directories to RSA_AM_HOME/utils-7.1.
b. Type:
rsautil manage-secrets --action import
--file etc\secrets.prop --file-password file_password where:
• secrets.prop is the name of the managed secrets file that you created in step 6.
• file_password is the password that you made for opening the managed secrets file.
10. Create a directory to contain all of the migration script files, such as C:\migration_scripts.
11. Copy all of the script files and directories to the migration script directory that you just created. Do the following:
a. Copy everything from DVDDrive:/auth_mgr/platform/dbscripts/
config/ims/db/scripts/schema/oracle/migration to C:\migration_scripts.
b. Copy everything from DVDDrive:/auth_mgr/platform/dbscripts/config/am/
db/scripts/schema/migration to C:\migration_scripts.
Note: If prompted that this will overwrite the files, click Yes to overwrite the files.
c. Copy all sql scripts (*.sql) from DVDDrive:/auth_mgr/platform/ucm to C:\migration_scripts/am70_71.
where:
• DVDDrive is the location of the RSA Authentication Manager 7.1 DVD.
• platform is the platform, such as windows-x86.
12. Make all of the files in the migration script directory writable.
13. Stop the RSA Authentication Manager 7.0 server including all primary instances, replica instances, and server nodes, but keep the database running.
14. Update the migration scripts:
a. In RSA Authentication Manager 7.1, change directories to RSA_AM_HOME/utils.
b. Type:
rsautil migrate-amapp --action updateScripts -d migration_scripts_directory -V
15. Initialize migration on the replica instance:
a. On the replica instance, change directories to RSA_AM_HOME/utils-7.1.
b. Type:
rsautil migrate-amapp -a initMigrationOnReplica -d migration_scripts_directory -V
16. Enable runtime data capture on each replica instance:
a. On the replica instance, change directories to RSA_AM_HOME/utils-7.1.
b. Type:
rsautil migrate-amapp -a backupAudit -d migration_scripts_directory -V
17. Back up the replica instance internal database to a file named replica_backup.bak:
a. On the replica instance, change directories to RSA_AM_HOME/utils-7.1.
b. Type:
rsautil migrate-amapp -a backupReplica
-f replica_backup.bak -d migration_scripts_directory -V
c. Navigate to RSA_AM_HOME/utils-7.1 and make sure that no errors are recorded in the backup log file. If errors are present, make any necessary changes and run the backupPrimary action again.
RSA Authentication Manager 7.1 Installation and Configuration Guide
100 8: Upgrading from RSA Authentication Manager 7.0