Hi Duc Tran,
Glad you had a positive experience with your upgrade. For me, I didn't have to do the classic policy export and import.
I had to upgrade from CA SSO r12.52 SP1 CR9 to CA SSO r12.8.
Using parallel method as well cos client wants a period of co-existence.
Policy store was in CA Directory 12.0.8 and we move over to CA Directory r14
what I did was, at the CA Directory r12, I did an onlinebackup. then just throw the .zdb files over to r14 Directory then start it up. It just works.
Then I installed CA SSO r12.8. point it to use the policy store in Directory r14. Also point the existing r12.52 policy servers to the new policy stores so that they are using the same keystore.
As there are some new stuff provided by r12.8, remember to run the following commands from the r12.8 policy server.
XPSDDInstall SmMaster.xdd
XPSImport smpolicy.xml -npass -vT
Then I register my new AdminUIs and I'm done. r12.52 access gateway continues to work with 12.8 policy server so I took my time with upgrading those (some in place upgrade, some are parallel and swing after).
Just need to remember before decommissioning the r12.52 policy server, make sure one of the r12.8 policy server becomes the key generator. Better yet, do this master swing as soon as r12.8 policy server is serviceable. I forgot this step and caused quite a bit of a scare when we shutdown the 12.52 policy servers in UAT.
regards,
Zen