The following procedure can be used to migrate a stand-alone Administration Console or an Administration Console installed either with the Identity Server or the SSL VPN server, or both of them:
Make a note of the DNS name and the IP address of the primary Administration Console.
Back up your 3.1.5 configuration.
For instructions, see Backing Up the Access Manager Configuration
in the Novell Access Manager 3.1 SP5 Administration Console Guide.
Move the backup configuration file to a different machine.
If you are going to re-install on the same machine, all data of the machine is lost. If you install on new hardware, the old machine must be removed from the network.
(Conditional) If an Identity Server is installed on the same machine as the Administration Console:
Remove the Identity Server from the L4 switch configuration.
Back up any customized files on the Identity Server.
(Conditional) If you are planning to install the primary Administration Console on new hardware, bring down the existing primary Administration Console and remove it from the network.
Perform a fresh install of SLES 11.
Make sure the following packages are installed:
gettext: The required library and tools to create and maintain message catalogs.
python (interpreter): The basic Python object-oriented programming package.
compat: Libraries to address compatibility issues. On SLES 11, the compat-32bit package is available in the SLES11-Extras repository. For information on enabling this repository, see TID 7004701.
Use YaST to install the packages.
Use the following command to verify:
rpm -qa | grep <package name>
Copy the backup configuration file to the machine.
Copy the SP5 installation file to the machine.
Remove this machine from the network.
NOTE:This step is required to avoid any traffic from the remote devices to this Administration Console in the current state. This also avoids any conflict between the eDirectory tree names of the primary and secondary Administration Console.
Install the 3.1.5 version of the Administration Console.
Use the same IP address and DNS name. For instructions, see Installing the Access Manager Administration Console.
Restore your configuration.
For instructions, see Restoring an Administration Console Configuration
in the Novell Access Manager 3.1 SP5 Administration Console Guide.
Open iMonitor on the primary Administration Console:
Enter the following URL:
https://<ip-address>:8030/nds
Replace <ip-address> with the IP address of your Administration Console.
Disable the outbound and inbound synchronization in the primary Administration Console eDirectory.
For more information, see “Enabling/Disabling Normal Synchronization” in the eDirectory documentation.
Connect this machine to the network so that the primary Administration Console is visible to all the devices.
(Conditional) If an Identity Server was installed on the same machine as the Administration Console:
Remove the Identity Server from the cluster configuration.
Delete the Identity Server from the Administration Console.
Install the 3.1.5 version of the Identity Server.
Restore any customized files to the Identity Server.
Add the Identity Server to the cluster configuration.
Add the Identity Server to the L4 switch configuration.
(Conditional) If an SSL VPN server was installed on the same machine as the Administration Console, install the 3.1.5 version of the SSL VPN server.
Bring down any secondary consoles.
Re-enable eDirectory synchronization on the primary Administration Console:
Enter the following URL:
https://<ip-address>:8030/nds
Replace <ip-address> with the IP address of your primary Administration Console.
Enable the outbound and inbound synchronization.
For more information, see “Enabling/Disabling Normal Synchronization” in the eDirectory documentation.
Remove any secondary consoles from the configuration:
In the Administration Console, click > .
In the section, use the button to remove any secondary consoles.
Uninstall the secondary consoles. For instructions, see Section 9.4, Uninstalling the Administration Console.
Reinstall the secondary consoles as secondary consoles to the new primary console.
Install SLES 11, then install the SP5 version of the Administration Console.
Back up your 3.1.5 configuration.
For instructions, see Backing Up the Access Manager Configuration
in the Novell Access Manager 3.1 SP5 Administration Console Guide.
(Conditional) Back up any customized files on the Identity Server.
(Conditional) Remove the Identity Server from the L4 switch configuration.
(Conditional) Remove the Identity Server from the cluster configuration.
Perform a fresh install of Windows 2008.
If you have secondary consoles, bring them down.
Install the 3.1.5 version of the Administration Console.
Use the same IP address and DNS name.
Restore your configuration.
For instructions, see Restoring an Administration Console Configuration
in the Novell Access Manager 3.1 SP5 Administration Console Guide.
Modify keystore locations in the server.xml file:
Log in to the Administration Console machine as the administrator.
Open the server.xml file.
\Program Files (x86)\Novell\Tomcat\conf\server.xml
Search for devman.keystore.
Change the path from
\Program Files\Novell\Tomcat\webapps\roma\WEB-INF\conf\devman.keystore
to
\Program Files (x86)\Novell\Tomcat\webapps\roma\WEB-INF\conf\ devman.keystore
Search for tomcat.keystore.
Change the path from
C:\Program Files\Novell\Tomcat\webapps\roma\WEB-INF\conf\tomcat.keystore
to
C:\Program Files (x86)\Novell\Tomcat\webapps\roma\WEB-INF\conf\tomcat.keystore
Save the file.
Restart Tomcat.
net stop Tomcat5
net start Tomcat5
(Conditional) Install the 3.1.5 version of the Identity Server.
(Conditional) Restore any customized files to the Identity Server.
(Conditional) Add the Identity Server to the cluster configuration.
(Conditional) Add the Identity Server to the L4 switch configuration.
Remove any secondary consoles from the configuration:
In the Administration Console, click > .
In the section, use the button to remove any secondary consoles.
Uninstall the secondary consoles. For instructions, see Section 9.4, Uninstalling the Administration Console.
Reinstall the secondary consoles as secondary consoles to the new primary console.
The following procedure can be used to migrate a stand-alone Identity Server, or the Identity Server installed with the SSL VPN server:
Remove the Identity Server from the L4 switch configuration.
Remove the Identity Server from the cluster configuration.
Back up any customized files.
Perform a fresh install of SLES 11.
Make sure the following packages are installed:
gettext: The required library and tools to create and maintain message catalogs.
python (interpreter): The basic Python object-oriented programming package.
compat: Libraries to address compatibility issues. On SLES 11, the compat-32bit package is available in the SLES11-Extras repository. For information on enabling this repository, see TID 7004701.
Use YaST to install the packages.
Use the following command to verify:
rpm -qa | grep <package name>
Install the 3.1.5 version of the Identity Server.
Use the same IP address and DNS name for the Identity Server.
After the installation it might take 15 - 20 minutes for the health status of Identity Server to turn green.This time is utilized for importing and registering certificates from Administration Console.
IMPORTANT:Do NOT restart any device or service until the health status of Identity Server turns green.
Once the Identity Server's health turns green, restart Tomcat, else NIDP page might not be accessible
Restore any customized files.
Add the Identity Server to the cluster configuration.
Add the Identity Server to the L4 switch configuration.
Remove the Identity Server from the L4 switch configuration.
Remove the Identity Server from the cluster configuration.
Back up any customized files.
Perform a fresh install of Windows 2008.
Install the 3.1 SP5 version of the Identity Server.
Use the same IP address and DNS name for the Identity Server.
Restore any customized files.
Add the Identity Server to the cluster configuration.
Add the Identity Server to the L4 switch configuration.
If the SSL VPN server was installed along with the Administration Console, Identity Server, or the Linux Access Gateway Appliance, the SSL VPN server is automatically migrated to SLES 11, along with the other components. For more information, see the relevant migration sections:
The following sections explain how to migrate the stand-alone SSL VPN server to SLES 11:
Remove the SSL VPN server from the cluster configuration, if the server is part of a cluster.
(Conditional) If you have customized the SSL VPN user interface, back up all the files in the jsp/html folder.
For more information on customizing the SSL VPN user interface, see Customizing the SSL VPN User Interface
in the NetIQ Access Manager 3.1 SP5 SSL VPN Server Guide.
Stop the SLES 10 machine.
Perform a fresh install of SLES 11.
Install the 3.1.5 version of the SSL VPN Server.
Use the same IP address and DNS name for the SSL VPN Server.
(Conditional) Restore the configuration if you have backed it up in step 2.
Add the SSL VPN Server to the L4 switch configuration.