In this release of Access Manager, all the components are native 64-bit applications running on 64-bit architecture.
IMPORTANT:Before moving to Access Manager 3.2, ensure that you are on Access Manager 3.1 SP4 or a higher version.
This section contains details on the following:
Ensure that you meet the following requirements before you decide to move to Access Manager 3.2:
You are currently on Access Manager 3.1 SP4 or a higher version. If your current version of Access Manager is not 3.1 SP4, see Access Manager 3.1 Installation Guide.
All the components are configured to the same Network Time Protocol (NTP) server. This is required to synchronize the time across all components.
You have physical access to the server or server console (in case of VMWare setups) as a root user and are familiar with firewall configurations. The required ports also must be opened in the firewall. For more information on the ports, see Section 2.1, Port Details.
You have read and understood the network requirements. For details, see Installation Requirements
in the NetIQ Access Manager 3.2 SP2 IR2 Installation Guide
Migration is the process in which you install the latest version of Access Manager on a new server and then migrate the existing data to the new server.
During the migration process you can either provide a new IP address and host name or reuse an existing IP address.
IMPORTANT:The host name of the new 3.2 Administration Console must be different from the existing 3.1 SP4 primary and secondary Administration Consoles.
Migration can be used in the following cases:
You are on a 32-bit architecture and you need to move to a 64-bit architecture. For example, your existing setup is on a 32-bit SLES (SUSE Linux Enterprise Server) 10 SP2 and you plan to move to a 64-bit SLES 11 SP1 or higher operating system.
You are on a 32-bit architecture and you need to move to a 64-bit architecture. For example, your existing setup is on a 32-bit Windows 2003 and you plan to move to a 64-bit Red Hat 6.2 or 6.3 version.
You have an existing 64-bit architecture but your operating system is 32-bit. For example, you have a 64-bit server on which a 32-bit operating system is installed.
You plan to re-architecture your Access Manager setup. For example, you already have one Administration Console installed but you plan to add one more Administration Console to the setup.
Upgrade is the process through which the existing components are moved to a higher version on the same machine. As the underlying operating system does not change, this process is also referred to as an in-place upgrade.
Upgrade can be used in a scenario where you are already on a 64-bit architecture setup.During the process of upgrade, the existing IP addresses and hardware are reused.
For example: If you are already on Windows 2008 64-bit platform, you can directly upgrade to Access Manager 3.2.
In addition to the migrate and upgrade process described above, you can also choose to install Access Manager 3.2 on a new 64-bit setup. After manually reconfiguring and confirming that the new 3.2 setup is working fine, you can decommission the old 3.1 SP4 setup.
IMPORTANT:To avoid service disruptions, you can install Access Manager 3.2 devices such as Identity Provider, Access Gateway Service, and SSL VPN on a new 64-bit server and then add them to the existing cluster. Once the version 3.2 setup is functional, you can de-commission the 3.1 SP4 setup.
Before you decide to upgrade or migrate, it is important to assess your current setup in terms of version of Access Manager and the components installed, hardware and the operating system.
Current Version of Access Manager: Before you move to Access Manager 3.2, ensure that you are on Access Manager 3.1 SP4 or a higher version. If your current version of Access Manager is not 3.1 SP4, upgrade using the instructions at Access Manager 3.1 Installation Guide
Current Hardware: If your current operating system is on a 32-bit architecture, migrate to a 64-bit architecture. This is required because all the components of Access Manager 3.2 are on 64-bit architecture.
Current Operating System: You can move to Access Manager 3.2 from a SLES platform or a Windows platform.
Access Manager components: Identify the combination of Access Manager components that are currently installed in your setup. This will help you determine if you need to upgrade, migrate or do a combination of both.
For example, assume you have Administration Console and Identity Server installed in Windows 2008 and the 3.1 SP4 Access Gateway Appliance is installed in SLES.
In this scenario, you will first upgrade the Administration Console and the Identity Server. But the 3.1 SP4 Access Gateway Appliance needs to be migrated to 3.2 Access Gateway Appliance.
The following table indicates if you must migrate or upgrade based on your existing setup:
Table 1-1 Determining the Path to Move to Access Manager 3.2
|
Platforms |
Windows 2003 |
Windows 2008 |
SLES |
|---|---|---|---|
|
Administration Console/Identity Server |
Migrate For more information seeSection 2.4.2, Migrating Administration Consoles From Windows 2003 to Windows 2008 |
Upgrade For more information see, Migrate |
Migrate For more information see, |
|
Access Gateway Appliance (also known as Linux Access Gateway) |
NA |
Migrate |
Migrate For more information, see Migrating 3.1 SP4 or Later Access Gateway Appliance to 3.2 Access Gateway Appliance |
|
Access Gateway Service |
NA |
Upgrade For more information, see Upgrading the Windows Access Gateway Service |
Upgrade For more information see, Upgrading the 3.1 SP4 Access Gateway Service |
|
SSL VPN |
NA |
NA |
Migrate For more information, see Migrating SSL VPN |
IMPORTANT:J2EE agents cannot be migrated or upgraded. You have to install the J2EE agents on the new Access Manager 3.2 setup. For more information see, NetIQ Access Manager 3.2 SP2 J2EE Agent Guide
Before you migrate to the Access Manager 3.2 setup, you must decide if you want to reuse your existing IP address or use a new IP address to setup the system.
If you are already on a 64-bit architecture (Access Manager 3.1 SP4 installed on a 64-bit hardware), you can choose to reuse the existing IP address, whereas if you have decided to move to new 64-bit servers, you must use new IP addresses.
NOTE:In case of Primary Administration Console migration, you will need a new IP address, that will be temporarily used by the new 3.2 Administration Console. During the migration process, this new IP address is replaced with the original 3.1.4 Administration Console IP address.
The details on how to use both scenarios to migrate your Access Manager components is explained in Section 2.0, Migrating Access Manager .