Hello SiteMinder wizards,
I need to work on a requirement where customer is planning to migrate from Siteminder 12.52 (On-Premise) to Siteminder 12.7 (AWS cloud). In addition to that current Siteminder 12.52 has Oracle DB as Policy Store. Customer wants to replace Oracle DB with CA Directory as policy store when moving into 12.7. I just want to check what would be my high level steps for this migration. Is there anything I need to specifically plan or be careful about?
So there are 2 tasks here.
I am wondering if I should first upgrade Siteminder or should I first replace Policy store? Or the sequence doesn't matter?
As I understand, I can export policy objects from existing Siteminder admin console (in form of XML) and then import the same XML into new Siteminder instance. Is there anything else I should be worried about? Do we have any tech document which talks about migrating Policy store from DB to LDAP?
Thanks a lot for your time.
We are not touching OR upgrading R12.52 environment. That stays as is. This is an use case of Parallel Upgrade.
Task-1 : Review the documented Steps & understand the process.
Task-2 : Prepare a step by step upgrade plan. This would allow you to track and monitor changes. It is crucial we do this before we start the upgrade as it helps us better understand how the generic product documented process would apply to our environments. Take this step seriously as many hidden gotcha's are revealed beforehand when we visually design the flow / steps on paper before actuals.
Task-3 : Identify a lower environment where we could attempt the migration. Also cross verify / check Documented Upgrade Plan.
Task-4 : Install a vanilla OOB R12.7 with CA Directory as Policy Store.
Task-5 : Review your R12.52 KeyStore & R12.7 KeyStore Deployment strategy to maintain SSO between R12.52 and R12.7.
Task-6 : Object Migration.
Task-7 : Pointing WebAgents to R12.7. Since you are migrating from OnPremise to AWS. I'd assume the WebAgents / Applications would also be migrating to AWS.
Task-8 : At every step, go back and update the documentation. Track Issues / Solution / Closures.
Thanks for quick and detailed response. This surely helps.
Just one added caution.
I mentioned for XPSExport using flags (-xp -xe -xi); but it really depends on how we want to migrate the Policy Store i.e. one shot full store OR phased object migration. Based on the approach adopted the flags would different for Export. If we need to cleanse the policy store of redundant / dirty objects, phased approach is preferred. If there is a shorter way to cleanse objects from a full export, we could explore that avenue as well. It really is a case by case scenario.