Symantec Access Management

We have 4 different web application  environments (dev, qa, pre-prod, & prod).   Each environment has it's own dedicated SiteMinder infrastructure.   Typically as you would imagine we start working in our development environment, once we have a working configuration the application  moves to qa.   At that point the SiteMinder configuration is then manually re-created to match what was implemented and tested in dev.   I'd like to automate this process so that we can eliminate the manual tasks and reduce the risk of confguration differences as the project moves from one environment to the next.   I've considered Policy Domain level exports and imports however they seem to require to much manual manipulation when importing to a different environment (Agent Names, Agent Groups, etc).   I've also briefly considered the Perl CLI however it seems to be missing some functionality.   Does anyone have any suggestions or "best practices" for handling this type of task?

Hi nowellk,  From our experience from R12 migration, there's no tool available embedded in the solution for that (I have to admit that I find that weird, but...)CA Services proposed us to use a tool specially designed for that, that is called Liberty if I'm not wrong, but that would need some re-design, and as it's already not free, re-design it would make it expensive.
So we decided to make our own development using XPS Tools of R12SP2 and Perl, but it may be tricky because CA discovered all operations available in these tools are not working properly (especially on upates).

Hope it can help you a bit.

Hi,  We are using a similar setup with dedicated SiteMinder infra per environment.   When we migrated to SiteMinder 6, we also developed a perl script interacting with the SiteMinder's perl api which does exactly what you have in mind.   As a result manual interventions on the other environment are pretty limited.   We're keeping our fingers crossed that the script will also work with SiteMinder 12.  Currently using SiteMinder 6-sp5.

Hi PVB,  There's two models of implementation in the R12.If you choose the legacy one, there shouldn't be any problem, but it won't work if you choose to implement the XPS one. For this last one, you should wait at least the CR1 of R12SP1, 'cause we spotted some disturbing bugs in CR0 for this implementation model.Rgds,

Hi TBL,  Thanks for the advise.   Will keep this in mind once we start testing SM12.  Regards,