The following procedure can be used to migrate a stand-alone Administration Console or an Administration Console installed either with the Identity Server or the SSL VPN server, or both of them:
Make a note of the DNS name and the IP address of the primary Administration Console.
Back up your 3.1.2 configuration.
For instructions, see Backing Up the Access Manager Configuration
in the Novell Access Manager 3.1 SP2 Administration Console Guide.
Move the backup configuration file to a different machine.
If you are going to re-install on the same machine, all data of the machine is lost. If you install on new hardware, the old machine must be removed from the network.
(Conditional) If an Identity Server is installed on the same machine as the Administration Console:
If the Identity Server is behind L4 Switch, then disable the Identity Server in the L4 switch configuration.
Remove the Identity Server from the cluster configuration.
Back up any customized files on the Identity Server.
(Conditional) If you are planning to install the primary Administration Console on new hardware, down the existing primary Administration Console and remove it from the network.
Perform a fresh install of SLES 11.
Make sure the following packages are installed:
gettext: The required library and tools to create and maintain message catalogs.
python (interpreter): The basic Python object-oriented programming package.
compat: Libraries to address compatibility issues. On SLES 11, the compat-32bit package is available in the SLES11-Extras repository. For information on enabling this repository, see TID 7004701.
Use YaST to install the packages.
Use the following command to verify:
rpm -qa | grep <package name>
Copy the backup configuration file to the machine.
Copy the SP2 installation file to the machine.
Remove this machine from the network.
NOTE:This step is required to avoid any traffic from the remote devices to this Administration Console in the current state. This also avoids any conflict between the eDirectory tree names of the primary and secondary Administration Console.
Install the 3.1.2 version of the Administration Console.
Use the same IP address and DNS name. For instructions, see Installing the Access Manager Administration Console.
Restore your configuration.
For instructions, see Restoring an Administration Console Configuration
in the Novell Access Manager 3.1 SP2 Administration Console Guide.
Open iMonitor on the primary Administration Console:
Enter the following URL:
https://<ip-address>:8030/nds
Replace <ip-address> with the IP address of your Administration Console.
Disable the outbound and inbound synchronization in the primary Administration Console eDirectory.
For more information, see “Enabling/Disabling Normal Synchronization” in the eDirectory documentation.
Connect this machine to the network so that the primary Administration Console is visible to all the devices.
(Conditional) If an Identity Server was installed on the same machine as the Administration Console:
Install the 3.1.2 version of the Identity Server.
Restore any customized files to the Identity Server.
Add the Identity Server to the cluster configuration.
If the Identity Server is behind L4 Switch, then enable the Identity Server in the L4 switch configuration.
(Conditional) If an SSL VPN server was installed on the same machine as the Administration Console, install the 3.1.2 version of the SSL VPN server.
Down any secondary consoles.
Re-enable eDirectory synchronization on the primary Administration Console:
Enter the following URL:
https://<ip-address>:8030/nds
Replace <ip-address> with the IP address of your primary Administration Console.
Enable the outbound and inbound synchronization.
For more information, see “Enabling/Disabling Normal Synchronization” in the eDirectory documentation.
Remove any secondary consoles from the configuration:
In the Administration Console, click > .
In the section, use the button to remove any secondary consoles.
Uninstall the secondary consoles. For instructions, see Section 10.4, Uninstalling the Administration Console.
Reinstall the secondary consoles as secondary consoles to the new primary console.
Install SLES 11, then install the SP2 version of the Administration Console.
Back up your 3.1.2 configuration.
For instructions, see Backing Up the Access Manager Configuration
in the Novell Access Manager 3.1 SP2 Administration Console Guide.
(Conditional) Back up any customized files on the Identity Server.
(Conditional) If the Identity Server is behind L4 Switch, then disable the Identity Server in the L4 switch configuration.
(Conditional) Remove the Identity Server from the cluster configuration.
Perform a fresh install of Windows 2008.
If you have secondary consoles, down them.
Install the 3.1.2 version of the Administration Console.
Use the same IP address and DNS name.
Restore your configuration.
For instructions, see Restoring an Administration Console Configuration
in the Novell Access Manager 3.1 SP2 Administration Console Guide.
Modify keystore locations in the server.xml file:
Log in to the Administration Console machine as the administrator.
Open the server.xml file.
\Program Files (x86)\Novell\Tomcat\conf\server.xml
Search for devman.keystore.
Change the path from
\Program Files\Novell\Tomcat\webapps\roma\WEB-INF\conf\devman.keystore
to
\Program Files (x86)\Novell\Tomcat\webapps\roma\WEB-INF\conf\ devman.keystore
Search for tomcat.keystore.
Change the path from
C:\Program Files\Novell\Tomcat\webapps\roma\WEB-INF\conf\tomcat.keystore
to
C:\Program Files (x86)\Novell\Tomcat\webapps\roma\WEB-INF\conf\tomcat.keystore
Save the file.
Restart Tomcat.
net stop Tomcat5
net start Tomcat5
(Conditional) Install the 3.1.2 version of the Identity Server.
(Conditional) Restore any customized files to the Identity Server.
(Conditional) Add the Identity Server to the cluster configuration.
(Conditional) If the Identity Server is behind L4 Switch, then enable the Identity Server in the L4 switch configuration.
Remove any secondary consoles from the configuration:
In the Administration Console, click > .
In the section, use the button to remove any secondary consoles.
Uninstall the secondary consoles. For instructions, see Section 10.4, Uninstalling the Administration Console.
Reinstall the secondary consoles as secondary consoles to the new primary console.
The following procedure can be used to migrate a stand-alone Identity Server, or the Identity Server installed with the SSL VPN server:
(Conditional) If the Identity Server is behind L4 Switch, then disable the Identity Server in the L4 switch configuration.
Remove the Identity Server from the cluster configuration.
Back up any customized files.
Perform a fresh install of SLES 11.
Make sure the following packages are installed:
gettext: The required library and tools to create and maintain message catalogs.
python (interpreter): The basic Python object-oriented programming package.
compat: Libraries to address compatibility issues. On SLES 11, the compat-32bit package is available in the SLES11-Extras repository. For information on enabling this repository, see TID 7004701.
Use YaST to install the packages.
Use the following command to verify:
rpm -qa | grep <package name>
Install the 3.1.2 version of the Identity Server.
Use the same IP address and DNS name for the Identity Server.
Restore any customized files.
Add the Identity Server to the cluster configuration.
(Conditional) If the Identity Server is behind L4 Switch, then enable the Identity Server in the L4 switch configuration.
(Conditional) If the Identity Server is behind L4 Switch, then disable the Identity Server in the L4 switch configuration.
Remove the Identity Server from the cluster configuration.
Back up any customized files.
Perform a fresh install of Windows 2008.
Install the 3.1 SP2 version of the Identity Server.
Use the same IP address and DNS name for the Identity Server.
Restore any customized files.
Add the Identity Server to the cluster configuration.
(Conditional) If the Identity Server is behind L4 Switch, then enable the Identity Server in the L4 switch configuration.
Use the following procedure to migrate the SLES 9 version of the 3.1 SP2 Access Gateway Appliance and SSL VPN server installed along with the Access Gateway Appliance to SLES 11. If you have not upgraded the Access Gateway Appliance to SP2 or later, complete this upgrade task before migrating to SLES 11.
Log in to the Access Gateway as root.
Back up the customized files:
Change to the /chroot/lag/opt/novell/bin directory.
Enter the following command to back up the customized files:
sh lag-backup-restore.sh
Select .
The script creates two files in the current directory:
lagRestore.tar.gz: This file contains touch files, custom error pages, a pre-apply script, and a post-apply script.
lagNoRestore.tar.gz: The file contains the config.xml file, backup error pages, and the server.xml file. (This file is not restored but created for debugging in case of failure.)
Select to exit.
Copy the tar files to another physical location.
(Conditional) If the Access Gateway is behind L4 Switch, then disable the Access Gateway in the L4 switch configuration.
Install the 3.1 SP2 or later version of the SLES 11 Access Gateway Appliance.
If you have installed the SSL VPN server along with the Access Gateway Appliance, make sure that you select the option to install the SSL VPN server.
Use the same IP address and DNS name.
For more information, see Section 6.0, Installing the Linux Access Gateway Appliance.
Restore your custom configuration files:
Log in to the Access Gateway as root.
Copy the lagRestore.tar.gz file to the /chroot/lag/opt/novell/bin directory.
Change to the /chroot/lag/opt/novell/bin directory.
Enter the following command to restore the customized files:
sh lag-backup-restore.sh
Select .
This restores the custom files.
Select to exit.
Restart the Access Gateway:
/etc/init.d/novell-vmc start
(Conditional) If the Access Gateway is behind L4 Switch, then enable the Access Gateway in the L4 switch configuration.
To complete the migration, you must update the Access Gateway configuration on all the Gateways in the cluster. Make a change to the Access Gateway configuration. You can either select to update the configuration on all the Linux Access Gateways or update the Gateways one by one. Selecting can cause a temporary disruption in service.
(Conditional) If the health status of the newly migrated Access Gateway stays red and the Health page on the Administration Console displays a keystore error, you need to run the keystore cleanup script. For more information, see Section A.7.1, After You Migrate from SLES 9 to SLES 11, the Health Status Indicates That the Embedded Service Provider Cannot Find the Keystores.
If the SSL VPN server was installed along with the Administration Console, Identity Server, or the Linux Access Gateway Appliance, the SSL VPN server is automatically migrated to SLES 11, along with the other components. For more information, see the relevant migration sections:
The following sections explain how to migrate the stand-alone SSL VPN server to SLES 11:
Log in as root.
Make a backup of the configuration and copy it to another location.
Shut down the SLES 9 machine.
Perform a fresh install of SLES 11.
Use the same IP address and DNS name for the SSL VPN server.
Download the compat-openssl097g-0.9.7g-13.2.i586 RPMs from Novell Web site
Specify the following command to install the RPM:
rpm -- compat-openssl097g-0.9.7g-13.2.i586
Install SSL VPN 3.0.4.
Restart the SSL VPN server by using the following commands:
sslvpn -down
sslvpn -up
Upgrade to SSL VPN 3.1.2.
Restart the SSL VPN server.
Remove the SSL VPN server from the cluster configuration, if the server is part of a cluster.
Make a backup of the configuration
NOTE:If you have customized the SSL VPN user interface, make a backup of all the files in the jsp/html folder. For more information on customizing the SSL VPN user interface, see Customizing the SSL VPN User Interface
in the Novell Access Manager 3.1 SP2 SSL VPN Server Guide.
Stop the SLES 10 machine.
Perform a fresh install of SLES 11.
Install the 3.1.2 version of the SSL VPN Server.
Use the same IP address and DNS name for the SSL VPN Server.
Restore the configuration.
Add the SSL VPN Server to the L4 switch configuration.