Automic Workload Automation

  • Private Community
 View Only

  • 1.  password encryption

    Posted Aug 23, 2024 05:18 PM

    I am currently running AE V21.x on a Windows Server 2016.  In order to upgrade to V24, I have to build new Windows Server 2019 because the BETA feature does not exist on Windows Server 2016.  

    I know that if you encrypt the database password, save the encrypted password, run the encrypt again using the same password, you will get a different password.ucc when comparing to the first encryption.

    My question is, when I install AE on the new server, can I copy the ucsrv.ini from V21 and put it into the V24 install without re-encrypting the password?  The database password is the same for both V21 and V22 Automic databases.  Just wondering because the OS is a different version, I might have to do it.  I know that different server with same OS can use the same encrypted password.



  • 2.  RE: password encryption

    Posted Aug 24, 2024 09:08 AM
    Edited by Tony Beeston Aug 26, 2024 02:34 AM

    When upgrading from AE V21.x to V24 and moving to a new server (Windows Server 2019), you need to be cautious about the encrypted database password due to potential differences in encryption methods or configurations between the old and new environments.

    Here's a general approach to ensure a smooth transition:

    1. Backup and Document:

      • Before making any changes, back up your existing ucsrv.ini file and the Automic databases.
      • Document all necessary configurations and settings from your current installation.

    2. Check Encryption Compatibility:

      • As you've noted, encryption can vary between different versions and operating systems. Even if the encryption algorithm remains the same, the encryption implementation might differ between the old and new servers.
      • If you are confident that the encryption method for the password is consistent across the versions and the OS upgrade doesn't affect it, you might be able to reuse the encrypted password if you use official site.

    3. Copy Configuration Files:

      • You can try copying the ucsrv.ini file from your V21 installation to the V24 installation. This is feasible if the new version of Automic AE is backward compatible with the configuration format of V21.
      • Ensure that all paths and configurations in the ucsrv.ini  file are correctly aligned with the new server environment.

    4. Test the Configuration:

      • After copying the ucsrv.ini file, test the new installation thoroughly. Pay close attention to database connectivity and encryption-related operations to verify that the password is being correctly decrypted and used.

    5. Re-encrypt if Necessary:

      • If you encounter issues related to the encrypted password, you may need to re-encrypt the database password on the new server. This would involve:
        • Generating a new encryption key or password (if necessary).
        • Reconfiguring the ucsrv.ini file with the newly encrypted password.
        • Ensuring all related configurations are updated accordingly.

    6. Consult Documentation and Support:

      • Refer to the official documentation for Automic AE V24 for any specific guidelines regarding configuration migration and encryption.
      • If in doubt, reach out to Automic support for advice tailored to your specific upgrade path and configuration.

    By carefully migrating your configuration and verifying compatibility, you can minimize disruptions and ensure a successful upgrade to the new server and version of Automic AE.


    Original Message


  • 3.  RE: password encryption

    Broadcom Employee
    Posted Aug 26, 2024 02:37 AM
    Edited by Markus Embacher Aug 26, 2024 02:41 AM

     H



  • 4.  RE: password encryption

    Posted Aug 26, 2024 02:59 AM

    Thank you, Markus.  I do have updated all the .ini based on any changes in the V24 install media.  Thanks.


    Original Message


  • 5.  RE: password encryption

    Broadcom Employee
    Posted Aug 27, 2024 11:52 AM

    Hi @Lester Chew,

    Please do not use old configuration-files for newer versions. Use the old modification/adoptions/settings and modify the new configuration-file after checking the (new) documentation. 

    Be aware that the passwords in configuration-files are not encrypted but obfuscated.
    In order to ensure that v24 binaries can de-obfuscate a password, v24's binaries should be used to obfuscate the password.

    The Windows setting "Beta: Use Unicode UTF-8 for worldwide language support" effects (at least) the behavior of the ODBC driver for the Microsoft SQL Server. It does not influence how passwords are de-/obfuscated by Automic Automation v24's binaries. 

    Michael



    ------------------------------
    Michael K. Dolinek

    Engineering Program Manager | Agile Operation Division
    Broadcom Software
    ------------------------------

    Original Message


  • 6.  RE: password encryption

    Posted Aug 27, 2024 04:25 PM

    Hi Michael,

    What I have done is used a software called Beyond Compare.  This allows me to compare the contents of the V24 .ini file against the V21 .ini.  Most of the contents do matches.  What doesn't match, I copy the change from the V24 to the V21 ini.  I can't imagine it would be different if I copy from V21 to V24 or the other way.  The main reason why I am using V24 to V21 is that there might be my comments that might be a less headache to copy from V21 to V24.  I just trying to understand the preference of copying from V21 to V24.  Many Thanks for your input.

    Understand your comment about the password and the ODBC use of the BETA feature.  There was no intent to connect the utf8 and the password question. :-)


    Original Message