Symantec Access Management

Hi All,

I am upgrading from SitEMinder R12.5 to R12.52 sp3 which integrated with CA IDM R12.6 sp3. What are things that needs to be considered and as we know smobjexport is replaced with XPSExport, will XPSExport include all of the IDM objects and will XPSImport import all the IDM objects after i upgrade SiteMinder.

Please ponder some points and if possible if there is any document please share, as Bookshelf is not sufficient while doing upgrade, and i am upgrading this on Windows OS.

-Chris

Hi Chris,

As per following KB, it doesn't seem xpsexport support IDM objects.

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec538441.aspx

I suggest to engage CA Support to clarify command use to export IDM objects.

Thanks.

Kar Meng

Kar Meng Karmeng

I have a suspicion that this may not be entirely true as this Technote was written in 2012. We do ship "IdmSmObjects.xdd" with R12.52. Also with R12.5 onwards I believe we do not ship smobjexport, we only ship smobjimport. Hence it becomes much important that IDM Objects are supported via XPSTools.

Christie ChristieJS

The steps for SM upgrade are pretty much same as normal upgrade. However I'd recommend to backup the IdM Object and Policy Objects in the Store by doing a "full-Policy-backup". Typically in R12.52 it is done using "-xp -xe" as parameters for XPSExport. In R12.5 a "full-Policy-backup" may have different parameter input. Please note there is a change in parameters for XPSExport and XPSImport between R12.5 and R12.52. Hence get comfortable with the XPSTools and the parameters, to get the right backup.

Regards

Hubert

Hi HubertDennis

Ya, the KB is a bit outdated. Both 12.5 and 12.52 have "-xp -xe" parameter

Extract from 12.5 documentation

-xe

(Optional) Exports the object types that are related to the execution environment.

-xp

(Optional) Exports the object types that are related to the policies.

Note: The -xe and -xp options cannot be used with -xo, -xo-add, -xo-replace, -xo-overlay, or -xf.

Important! The -xe and -xp options supersede the -xa option to extract all policy data. You can also use the -xb option that lets you take complete backup of the Policy Server location-specific data, such as the policy store location.

ChristieJS

You can try xpsexport with above parameters and check if IM objects exist in R12.52 environment after import (xpsimport).

The xpsexport don't have parameter to export IM objects only like smobjexport -m.

Therefore, I believe we are on the right track with xpsexport.

Make sure you also perform LDAP level backup as this will speed up the rollback in case anything goes wrong on the policy store.

Thanks.

Kar Meng

@Karmeng and Hubert,

I have completed this upgrade somehow. And the integration between IDM and SM is also working perfectly fine.

This is what I did.

Step 1: Took a back up of policies using XPSExport using -xe -xp and -xb, -xb did a backup of all the domains and policy store, but it did leave out IDM policies for some reason, have to dig on that and do more analysis on why it was left out without exporting. But -xe -xp did export all of the policies

Step 2: Took a backup of all that's required as per bookshelf, and back up of certificates. And took a back up of keys using smkeyexport.

Step 3: Took a back up of files in LDAP system backup, for safety.

Step 4: upgraded SM as usual and upgraded Admin UI.

Step 5: After upgrading imported idmsmobjects.xdd and SmMaster.xdd and smpolicy.xml

Step 6: Imported encrypted key and backed up policies.

Step 7: Started Policy server.

Hi ChristieJS
Glad it works out for your. You have provided valuable input that the -xe -xp work out for the xpsexport to exoirt IDM objects. I will put this note in my memory

Beside, if you can mark this thread as answer, it will be greatly appreciate.

Thanks.

Kar Meng