brodginskicc
What you were planning initially was a MIGRATION upgrade i.e. in place upgrade i.e. Upgrade existing components.
How to Migrate from r12.x - CA SiteMinder® - 12.52 SP1 - CA Wiki
What Ujwol recommended was a PARALLEL upgrade i.e. a parallel / new infrastructure with new version of Product, which is in SSO with current infrastructure with old version product.
How a r12.x Parallel Upgrade Works - CA SiteMinder® - 12.52 SP1 - CA Wiki
Circling back to your question.
Question: After importing the 12.0 SP3 policy store, is the new policy store still 12.52 SP1 CR1, or does it become 12.0 SP3?
Answer: The new policy store remains R12.52 SP1 CR1 after import of Policy Data.
Reason:
- In layman terms
- Consider 2 different types of Shelves we purchased from a furniture mart.
- Initially we purchased Version-1 only.
- Version-1 : KALLAX Shelving unit - black-brown - IKEA
- Now consider we purchased an Object e.g. STOCKHOLM Vase - IKEA. Then we placed this Object in the Shelf Version-1.
- After many a years, we purchased Shelf Version-2.
- Version-2 : KALLAX Shelving unit - white - IKEA
- We then took (EXPORT) the Object e.g. STOCKHOLM Vase - IKEA and placed (IMPORT) in Shelf Version-2. Did the object change OR should the object change? No. The Object should remain as it is, only the version of Shelves have changed with certain characteristic i.e. it is much bigger, with more casing to allow for more objects. However between both version certain basic things remain the same i.e. basic structure pattern, they both are made up of wood; which allow both Shelves to hold the same object.
- In Technical Terms
- Between Versions only Schema (from R6.x) and Data Definitions (from R12.x) change.
- The Policy Object's that we create in the Store remain unchanged. Hence we can export the Policy Objects from one version of Policy Store into another version of Policy Store.
My recommendation would also be Parallel Upgrade, as it keeps the existing infrastructure untouched. However there are pros and cons in both approaches. These needs to delicately scrutinized before concluding which Upgrade pattern (Migration OR Parallel) to be adopted.
For e.g. Since the PStore is AD, is it possible to setup a Parallel AD infrastructure? I doubt that, a corporate normally has one main AD Domain Controller and sub forrests. I don't know what the AD is being used for inaddition to being used as a Policy Store? If the entire AD instance / machine is just being used only for PStore then I could build a parallel AD setup with new version of Policy Store. So these are the kind of doubts that arise in my head when I think about AD.
Circling back to your earlier question.
Question : Was specific to rollback i.e. "So, if I do a policy store export prior to the upgrade and have a problem, can I re-import the 12.0 policy store over the upgraded policy store?"
Answer : Yes you may be able to re-import; but note, your Policy Store would be still R12.51 or messier. The reason I state this is because when we talk about the Policy Store there are 4 different things
[A] Policy Store Schema.
[B] Policy Store Data Definition.
[C] Policy Store Object (Policy Domains, User Directories, Agents, ACO, HCO, Trusted Hosts, etc etc etc i.e. all objects one sees in WAM UI / FSS UI).
[D] Policy Store Configuration.
Now it is very crucial on what type of export was taken i.e.
[1] Was a full backup i.e. XPSExport -xb
or
[2] Was it a only a Policy Data export i.e. [C] i.e. XPSExport -xp -xe -xi -xs (-xp -xe -xi -xs is R12.5 and above; check corresponding parameters in R12.0. Just using it as an example here).
Another question I would ask is even if I took a -xb i.e. a full backup (I am sure it includes [C] and [D]). What I am unsure is does xb include [A] and [B]. Even if it did, could the reimport (of full backup i.e. -xb) override / delete / de-reference the new DataDefinitions links which would have been created when the R12.0 Policy Store was upgraded to R12.5x using the execution of XPSDDInstall Command, which upgrades the Policy Store Data Definitions to new version.
Therefore I'd rely completely on AD's rollback ability to roll back into a prior state i.e. SNAPSHOT rollback.
This usecase is TRUE for Migration Upgrade.
Question : Export the policy store before it is upgraded, and import it into a separate container (our policy store is in AD) that we could point the policy servers to should we have a problem with the 12.52 policy store.
Answer : Here's the problem. Did any one suggest that in AD or ADLDS there is a configuration partition and a data partition. Schema for sure resides in the Configuration Partition. Data Definition (XPSDDInstall Command) I am unsure if it resides in Configuration or Data Partition. Policy Data Objects (everything we create in WAM UI) resides in Data Partition). *Assuming* Data Definition resides in the Configuration partition, the moment XPSDDInstall is executed the entire AD configuration structure is updated. Anything in the Configuration Partition applies to entire objects that gets created in AD/ADLDS under Data Partition. Hence this idea of pointing R12.5x Policy Server's to a different Container e.g. OU under the impression that only this OU is R12.5x; is incorrect. As I understand, any given point in time AD when used as PStore would remain in only one version i.e. R12.0 or R12.5x.
NOTE : ADLDS does have the feature of instances. Hence each instance has its own Configuration and Data Partition. Don't think AD has that capability.
An upgrade is a mammoth task, what we spoke here is just one piece of the puzzle. Hence I've kept the discussion specific to the rollback of policy store as per the query posted.
Regards
Hubert