Applies to: IDENTIKEY Authentication Server 3.X KB 120090 – 11/12/2012 13:15
© 2009 VASCO Data Security. All rights reserved. Page 1 of 9
KB 120090
How to move an IDENTIKEY Authentication Server
with embedded PostgreSQL DB to a new machine
with new IP address?
Creation date: 16/06/2009 Last Review: 11/12/2012 Revision number: 2
Document type: How To Security status: EXTERNAL
Summary
This article describes how to move an IDENTIKEY Authentication Server with
embedded PostgreSQL Database to a different machine, with a different IP address.
Details.
We will describe step by step how to move an existing installation of IDENTIKEY Authentication Server 3.0 or 3.1 with embedded Database to a new machine with a different IP address.
In our example we will refer to:
• The existing installation as old server. The IP address of this machine is 10.10.5.80 • The server where the IDENTIKEY Authentication Server has to be moved to as the
new server. The IP address of this machine is 10.10.5.111
In summary, the process to move the installation consists of the following steps: 1. On the old server, create an Identikey Server Component for the new server. 2. On the old server, license the new component, created in step 1.
3. On the old server, add an administration component for the IP address of the new server.
4. On the old server, backup the database to a file.
5. On the new server, install the IDENTIKEY Authentication Server from scratch, and configure it identically to the old server.
6. On the new server restore the database of the old server.
7. On the new server, restart the IDENTIKEY Authentication Server service and check that the IDENTIKEY Authentication Server started up correctly.
8. On the new server, remove the Identikey Server Component of the old server, and eventually client record from the old server.
IDENTIKEY Authentication Server.
1. On the old server, create an IDENTIKEY Server Component for the new server.
Create an Identikey Server Component with the IP address of the new server, as show in the screenshots below:
Applies to: IDENTIKEY Authentication Server 3.X KB 120090 – 11/12/2012 13:15
© 2009 VASCO Data Security. All rights reserved. Page 3 of 9
The result is 2 Identikey Servers. One for the old server, and one for the new server:
2. On the old server, license the new Identikey Server Component, created in step 1.
When trying to generate the license for the new IP address, you might run into the error: “you are trying to register more components than you have bought”
In that case you will have to contact your reseller (or VASCO support directly if you are a VASCO Certified Engineer) to have your license reset.
3. On the old server, add an administration component for the IP address of the new server.
Applies to: IDENTIKEY Authentication Server 3.X KB 120090 – 11/12/2012 13:15
© 2009 VASCO Data Security. All rights reserved. Page 5 of 9
Be sure to specify the IP address of the new server as the Location. Select the same Policy as the policy that is used for the old IDENTIKEY Authentication Server:
• Open a DOS box
• Change to the directory:
C:\Program Files\VASCO\Identikey 3.0\PostgreSQL\bin
• Run the command below, to write the VM PostgreSQL database to a single backup file:
pg_dump –f “c:\temp\IKDB.bku” –Fc –Z9 –U digipass postgres
• c c:\temp\IKDB.bku is the path and filename where the backup file will be written
• digipass is the database administrator account created by default during the installation. If you have changed the account, make sure to use the correct account.
• You will be prompted for the password of the database administrator account to access the database. The default password created during installation is digipassword. If you have changed it, make sure to use the correct password.
• Optionally, you can use the –v option to get verbose output of the backup process.
5. On the new server, install the IDENTIKEY Authentication Server from scratch, and configure it identically to the old server .
During installation, you can eventually license the IDENTIKEY Authentication Server with the license file from step 2.
After the installation, you can eventually create a testuser and use the VASCO Radius simulator to confirm the installation went correct and the IDENTIKEY Authentication Server is operating correctly.
6. On the new server restore the database of the old server. • Open a DOS box
• Change to the directory:
C:\Program Files\VASCO\Identikey 3.0\PostgreSQL\bin
• Run the command below, to restore the database backup file, created in step 5 pg_restore –d postgres –c –U digipass “c:\temp\IKDB.bku”
• digipass is the database administrator account created by default during the installation. If you have changed the account, make sure to use the correct account
Applies to: IDENTIKEY Authentication Server 3.X KB 120090 – 11/12/2012 13:15
© 2009 VASCO Data Security. All rights reserved. Page 7 of 9
• You will be prompted for the password of the database administrator account to access the database. The default password created during installation is digipassword. If you have changed it, make sure to use the correct password.
• Optionally, you can use the –v option to get verbose output of the restore process.
• After the restore of the database, run the command below: vacuumdb –z –d postgres –U digipass
• digipass is the database administrator account created by default during the installation. If you have changed the account, make sure to use the correct account
• You will be prompted for the password of the database administrator account to access the database. The default password created during installation is digipassword. If you have changed it, make sure to use the correct password.
• Optionally, you can use the –v option to get verbose output.
7. Restart the Authentication service and check the IDENTIKEY Authentication Server started up correctly.
Check in the Auditviewer that the IDENTIKEY Authentication Server started successfully:
Start the Identikey Web Administration and test that you can log in successfully. Please note that, since you have restored the database from the old server on the new server, you will have to use the userID and password of the administrative user from the old server.
Applies to: IDENTIKEY Authentication Server 3.X KB 120090 – 11/12/2012 13:15