The migration of Identity Reporting involves the following:
Upgrade the Data Collection Services and Managed Services Gateway driver packages. For more information, see Upgrading Installed Packages of the NetIQ Designer for Identity Manager Administration Guide.
NOTE: While upgrading the packages, ensure that you specify the details of the new Identity Reporting server.
Deploy the drivers. For more information, see Deploying the Drivers for Identity Reporting.
(Conditional) If you are migrating from 4.5.x and want to migrate the EAS data, perform the steps from Migrating Your Existing Data to a New Database.
Open the project in Designer and run the Project Checker on the migrated objects.
For more information, see Validating Provisioning Objects in the NetIQ Identity Manager - Administrator’s Guide to Designing the Identity Applications. If validation errors exist for the configuration, you are informed of the errors. These errors must be corrected before you can deploy the driver.
In the Outline view, right-click the Data Collection Services driver.
Select Deploy.
Repeat this process for each Data Collection Services driver in the driver set. Once the Data Collection Services driver is deployed, repeat this process for the Managed Services Gateway driver.
NOTE: The Identity Manager 4.7 reports will not use the audit data that is migrated from EAS to SLM for IGA. Instead, these reports will use the audit data that is directly synchronized from SLM for IGA. If you are migrating EAS data, it is recommended to migrate it to a separate database, such as SIEM.
You must create the required roles and table spaces to ensure there are no failures during migration.
Prepare the New PostgreSQL Database
Stop EAS to ensure that none of the events are sent to the EAS server.
Using iManager, stop the DCS driver:
Log in to iManager.
Stop the DCS driver.
Edit the driver properties to change the startup option to Manual.
This step ensures that the driver does not start automatically.
Run the following SQL commands to create the required roles, table space, and database using PGAdmin.
This step ensures there are no failures during migration.
Run the following commands to create the required roles:
CREATE ROLE esec_app NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
CREATE ROLE esec_user NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
CREATE ROLE admin LOGIN ENCRYPTED PASSWORD '<specify the password for admin>' NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
GRANT esec_user TO admin;
CREATE ROLE appuser LOGIN ENCRYPTED PASSWORD '<specify the password for appuser>' NOSUPERUSER INHERIT NOCREATEDB CREATEROLE;
GRANT esec_app TO appuser;
CREATE ROLE dbauser LOGIN ENCRYPTED PASSWORD '<specify the password for dbauser>' SUPERUSER INHERIT CREATEDB CREATEROLE;
CREATE ROLE idmrptsrv LOGIN ENCRYPTED PASSWORD '<specify the password for idmrptsrv>' NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
GRANT esec_user TO idmrptsrv;
CREATE ROLE idmrptuser LOGIN ENCRYPTED PASSWORD '<specify the password for idmrptuser>' NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
CREATE ROLE rptuser LOGIN ENCRYPTED PASSWORD '<specify the password for rptuser>' NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
GRANT esec_user TO rptuser;
(Conditional) Run the following command for creating table spaces:
CREATE TABLESPACE sendata1 OWNER dbauser LOCATION '<provide the location where table space has to be created>';
For example,
CREATE TABLESPACE sendata1 OWNER dbauser LOCATION '/opt/netiq/idm/apps/postgres/data';
(Conditional) If you want to migrate the existing EAS data, NetIQ recommends that you run the following command to create a SIEM database:
CREATE DATABASE "SIEM" WITH OWNER = dbauser ENCODING = 'UTF8' TABLESPACE = sendata1 CONNECTION LIMIT = -1;
Run the following command to create a Reporting database:
CREATE DATABASE "idmrptdb" WITH OWNER = dbauser ENCODING = 'UTF8' CONNECTION LIMIT = -1;
Perform the following actions only if you are currently running Identity Manager 4.5.x and want to migrate your existing EAS data to a SIEM database:
Stop EAS to ensure that none of the events are sent to the EAS server.
Using iManager, stop the DCS driver:
Log in to iManager.
Stop the DCS driver.
Edit the driver properties to change the startup option to Manual.
This step ensures that the driver does not start automatically.
Export the data from EAS database to a file:
Log in to the EAS user account:
# su - novleas
Specify a location where the EAS user has full access, for example, /home/novleas.
Navigate to the PostgreSQL installation directory and execute the following commands:
For example,
export PATH=/opt/novell/sentinel_eas/3rdparty/postgresql/bin/:$PATH
export LD_LIBRARY_PATH=/opt/novell/sentinel_eas/3rdparty/postgresql/lib/:$LD_LIBRARY_PATH
Export the data to a .sql file using the following command:
./pg_dump -p <portnumber> -U <username> -d <dbname> -f <export location>
For example,
./pg_dump -p 15432 -U dbauser SIEM -f /home/novleas/SIEM.sql
Stop EAS to ensure that none of the events are sent to the EAS server.
Using iManager, stop the DCS driver:
Log in to iManager.
Stop the DCS driver.
Edit the driver properties to change the startup option to Manual.
This step ensures that the driver does not start automatically.
Import the EAS data to the new PostgreSQL database:
Copy the exported .sql file to a location where the postgres user has full access. For example, /opt/netiq/idm/postgres
Execute the following command to import the EAS data to the PostgreSQL database.
psql -d <dbname> -U <username> -f <full path where the exported file is located>
For example,
psql -d SIEM -U postgres -f /opt/netiq/idm/apps/postgres/SIEM.sql
Check for any migration log errors and resolve them.
Perform the following actions only if you are currently running Identity Manager 4.6.x and want to migrate your existing reporting data to a new server:
Log in as the postgres user to the server where PostgreSQL is installed.
# su - postgres
Export the data to a .sql file. Ensure that the Postgres user has full access to the directory where you want to export the file:
pg_dump -p <portnumber> -U <username> -d <dbname> -f <export location>
For example,
pg_dump -p 5432 -U dbauser -W idmrptdb -f /tmp/idmrptdb.sql
Log in as the postgres user to the server where PostgreSQL is installed.
# su - postgres
Import the data to the new PostgreSQL database.
Copy the exported .sql file to a location where the postgres user has full access.
Execute the following command to import data to the PostgreSQL database.
psql -d <dbname> -U <username> -f <full path where the exported file is located>
For example,
psql -d idmrptdb -U dbauser -f /tmp/idmrptdb.sql
Check for any migration log errors and resolve them.
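One way to carry out the log check that closes both import procedures above (EAS data and 4.6.x reporting data), tied to the roles the guide asks you to create before migrating. This is an added example, not part of the NetIQ guide; it assumes the psql output was redirected to a file, and import.log and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the NetIQ guide. Assumes the import output was
# captured to a file (import.log is a hypothetical name), for instance:
#   psql -d idmrptdb -U dbauser -f /tmp/idmrptdb.sql > import.log 2>&1
# Without -v ON_ERROR_STOP=1, psql continues after a failed statement, so a
# run that "finished" can still have skipped ownership and grant statements.

# Count the lines psql flagged as ERROR, FATAL or PANIC.
count_import_errors() {
    grep -c -E '(^|: )(ERROR|FATAL|PANIC): ' "$1" || true
}

# List each role the dump referenced that does not exist on the target.
missing_roles() {
    sed -n -E 's/.*ERROR: +role "([^"]+)" does not exist.*/\1/p' "$1" | sort -u
}

# Exit status: 0 = clean, 1 = errors found, 2 = log unreadable.
check_import_log() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    n=$(count_import_errors "$1")
    if [ "$n" -gt 0 ]; then
        echo "$n error(s) in $1" >&2
        missing_roles "$1" | sed 's/^/  role not created: /' >&2
        return 1
    fi
    return 0
}

# Constructed sample log, in the format psql uses with -f.
write_sample_log() {
    cat > "$1" <<'EOF'
SET
CREATE TABLE
psql:/tmp/idmrptdb.sql:57: ERROR:  role "esec_user" does not exist
ALTER TABLE
psql:/tmp/idmrptdb.sql:88: ERROR:  role "idmrptsrv" does not exist
psql:/tmp/idmrptdb.sql:91: ERROR:  role "esec_user" does not exist
COPY 1042
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
check_import_log "$sample" || echo "import needs attention"
rm -f "$sample"
```

A role reported here means the corresponding CREATE ROLE statement was not run on the new server before the import, so objects in the dump were not assigned their intended owner or grants.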
Download the Identity_Manager_4.7_Linux.iso from the NetIQ Downloads website.
Mount the .iso.
From the /mnt/ directory, install Identity Reporting.
./install.sh
Configure Identity Reporting.
./configure.sh
Select Custom configuration and choose No for the following prompts:
Do you want to configure PostgreSQL database on current server?
Do you want to install a new driverset?
NOTE: By default, Identity Reporting installation creates and deploys the drivers for Managed Services Gateway and Data Collection Services.
Navigate to the configuration update utility located at /opt/netiq/idm/apps/configupdate directory and ensure that the configuration settings are correct:
./configupdate.sh
After the reporting server is configured, you need to create the data synchronization policy for forwarding events from SLM for IGA to the reporting database. The following considerations apply when upgrading to Identity Reporting 4.7.
NOTE:
If you are upgrading from Identity Reporting 4.5.6 to Identity Reporting 4.7, you must create a new policy in the Identity Manager Data Collections Services page. For more information, see About the Data Sync Policies tab section of the Administrator Guide to NetIQ Identity Reporting.
If you are upgrading from Identity Reporting 4.6.x to Identity Reporting 4.7, follow the steps from Identity Manager Upgrade Issues of the NetIQ Identity Manager 4.7 Release Notes.