Chapter 3: Upgrading the Secure Proxy
Server
This section contains the following topics:
SPS Upgrade Overview (see page 37)
Upgrading from SPS v5.5 or v1.1 (see page 38)
Upgrading from SPS v6.0 SP1 or SP2 (see page 38)
Additional Tasks for Upgrades (see page 39)
SPS Upgrade Overview
You can upgrade from a previous version of the SPS by running the installation program on a system where the SPS is already installed. When you begin the installation, it asks if you would like to upgrade. After confirmation, the installation proceeds.
Important! If you customized your existing SPS deployment, make the same modifications to the upgraded SPS configuration so that it can operate in your environment.
More information:
38 Administration Guide
Upgrading from SPS v5.5 or v1.1
To upgrade from SPS v5.5 or v1.1 to SPS r6.0 SP3, run the installation program. The installation program asks whether you are upgrading from v5.5 when no installed 6.x version was detected. If you are upgrading from v5.5 or v1.1, provide the location of your current installation before continuing with the installation of the newer version.
If you are upgrading from SPS v5.5 or earlier, add the following directives to httpd-ssl.conf file:
■ JkWorkersFile full_path_to_server.conf ■ JkLogFile "logs/mod_jk.log"
■ JkLogLevel error ■ JkMount/* ajp13
Note: You can have a 5.x and a 6.x version on the system at the same time. You can see services for both versions listed in the Services panel. Make the services for the previous version a manual startup. Never run both version at the same time. You must uninstall the previous version to remove its services.
Upgrading from SPS v6.0 SP1 or SP2
Run the Configuration Wizard after installing or upgrading to SPS v6.0 SP3, because Apache 2.0 uses different configuration files than earlier versions of Apache. SPS v6.0 SP3 implements Apache 2.0; earlier versions of the SPS implemented a different version of Apache.
Restart the SPS services after any change to the Apache configuration file (these changes are not reflected automatically in a new build).
If you run the Configuration Wizard for a second time for an upgrade, the wizard automatically disables the SSL settings, so you must follow the manual steps to enable SSL. In addition, be sure that the SSLCACertificateFile listed in
server.conf is located in the specified path.
More information:
Chapter 3: Upgrading the Secure Proxy Server 39
Additional Tasks for Upgrades
At the end of the installation process, you can perform some additional steps to support the upgrade. Depending on the amount of customization in your SPS deployment, you can perform one or more of the following tasks:
■ Verify that the SSL configuration paths inside the ssl.conf file and the server.conf file are correct for your environment. The automated portion of the upgrade assumes that all certificates are in the default location.
■ Verify that all certificates, Certificate Authorities, and keys have been correctly copied to their folders in the sps_home\secure-proxy\SSL.
■ Modify the path to the proxy rules DTD file in the proxyrules.xml file. The dtd path is sps_home\proxy-engine\conf\dtd\proxyrules.dtd.
■ If you are upgrading from SPS r6.0 to SPS r6.0 SP 3, add the following parameter to the <VirtualHostDefaults> section in the server.conf file before running the upgrade:
enablerewritecookiepath="no"
This addition is done automatically when upgrading from SPS r6.0 SP 1 or later.
Modify the Default Location of the SiteMinder Forms
Beginning with SPS v6.0, the default location of the SiteMinder forms is no longer /siteminderagent/forms. To continue to use this location to serve forms, modify the forms location for SPS.
To modify the forms location
1. Create the siteminderagent directory in the following location:
sps_home/proxy-engine/examples/siteminderagent 2. Copy the forms folder from the following directory
sps_home/proxy-engine/examples to the following directory:
sps_home/proxy-engine/examples/siteminderagent The forms are copied to
40 Administration Guide
Duplicate Custom Settings
If you have created any custom settings in your current installation, duplicate them in the new one. For example, if you have configured additional virtual hosts, you would add these additional configuration directives to the httpd.conf file.
To duplicate custom settings
1. Modify the httpd.conf file. 2. Modify the ssl.conf file.
In release r6.0 SP3, the ssl.conf file has been renamed and moved to
sps_home\httpd\conf\extra\httpd-ssl.conf. 3. Modify the server.conf file.
During the upgrade, the existing server.conf file is backed up to a file named server.conf-date.bak in the sps_home\secure-proxy\proxy-engine\conf directory.
4. Copy the existing custom session schemes and filter class files to the new installation.
5. Deploy any custom Java class or .jar files related to the SPS filter or session scheme APIs.
Customize JVM Parameters
You can customize Java Virtual Machine (JVM) parameters in the following files:
■ On Windows, modify the SmSpsProxyEngine.properties file located in the directory sps_home\proxy-engine\conf.
■ On UNIX, modify the proxyserver.sh file located in the directory