Novell BorderManager 3.9 supports industry-standard IKE for key management. This section discusses ways of upgrading a Novell BorderManager 3.8 VPN network to a Novell BorderManager 3.9 VPN network without affecting the connectivity between these networks. If you want to migrate the VPN configuration before upgrading to Novell BorderManager 3.9, make sure that the VPN is configured.
NOTE:After initial configuration though VPBNCFG, reload vpmaster and vpslave if they are not already loaded.
First, upgrade the master Novell BorderManager 3.9 server. Upgrade the slaves only after the master is upgraded.
When a master or slave is upgraded, automatic VPN configuration migration is supported from earlier versions of BorderManager configuration to Novell BorderManager 3.9 configuration. The actual upgrade consists of three steps:
Installing Novell BorderManager 3.9 over earlier versions of BorderManager.
During installation, selecting the Automatic Migration check box, which will automatically migrate the existing configuration.
After the preceding steps are complete, an earlier version of a BorderManager server can be considered fully migrated to a Novell BorderManager 3.9 server.
You can upgrade the slaves one by one. When some slaves are migrated and others are running an earlier version of BorderManager, the servers communicate with each other in the IKE mode.
The IKE configuration can be done using the iManager plug-ins. The Novell BorderManager 3.9 slaves and master can be monitored through the new Netware Remote Manager monitoring interface. For information see Section 18.0, Monitoring Virtual Private Networks.
IMPORTANT:Always back up your networking configuration files before an upgrade. The files to be backed up are \etc\tcpip.cfg, \etc\netinfo.cfg, and \etc\gateways. In the event of an abend and subsequent file corruption, this backup will help in restoring the networking configuration.
The following example setup consists of one master and two slaves. All of them are running an earlier version of Novell BorderManager. The focus of the upgrade is to migrate all the existing VPN servers to Novell BorderManager 3.9 and eventually have the servers using IKE for key management, These servers can then be configured and monitored using Web-based interfaces. You can also add a new Novell BorderManager 3.9 slave to the VPN site-to-site network. This will be a fresh, newly configured Novell BorderManager 3.9 slave.
The following upgrade scenarios are discussed here:
Run the Novell BorderManager 3.9 installation on the master.
On the upgrade page, make sure the check box is selected (this is selected by default).
After the master is upgraded, verify that the configuration migration is successful by viewing the server and site-to-site configuration in the iManager VPN configuration pages.
Use the VPN console option 5 to verify that the master contains information about all the slaves.
Run the Novell BorderManager 3.9 installation on the slave.
In the upgrade page, make sure the check box is selected (this is selected by default).
After the slave is upgraded, verify that the configuration migration is successful by viewing the slave server's configuration in the iManager VPN configuration page.
Run the Novell BorderManager 3.9 installation on the slave. Because this is not an upgrade, the configuration migration does not take place.
In iManager, complete the following steps:
Go to the slave and configure the slave for IKE. For information, refer to Configuring a VPN Server As a Slave Server.
Go to the master and add this slave as a Novell BorderManager 3.9 slave. For information, refer to Configuring a VPN Server As a Slave Server.
At this point, the new slave is able to receive the configuration from the master, and also communicate with the other Novell BorderManager 3.9 slaves.