Symantec IGA


Provisioning Directory migration to a new Identity Manager installation 

May 02, 2019 11:54 PM

The following document describes the steps to migrate Identity Manager Provisioning Directory (IMPD) data to a new system:

Migrate the Provisioning Directory - CA Identity Manager - 14.2 - CA Technologies Documentation 

That document does not state explicitly that it assumes the new IMPD installation will serve the existing IM Provisioning Server(s).

However, if the IMPD data is migrated to an entirely new IM installation, some extra steps are required after the data has been migrated according to that document.

The problem is that the data in IMPD contains configuration information about the provisioning servers and connector server frameworks, and this data has to be corrected manually to replace the old servers with the new ones.

Here is what should be changed:

  1. Ensure that a fresh installation of the Provisioning Directory/Provisioning Server is using the same passwords, product version, and provisioning domain name. Item 7 below explains what to do in case of a different (newer) product version.
  2. Using Connector Xpress, connect to the new IM Provisioning Server (IMPS). The Connector Server configurations (CS Configs) will still contain the CS framework of the old IMPS. Remove that framework and create a new CS framework according to your new IM topology. See this document for additional info: Redundant Connector Servers - CA Identity Manager - 14.2 - CA Technologies Documentation
  3. Using JXplorer, connect to IMPD.
    Note: To connect to IMPD, use the following connection details:
    port: 20391
    bind DN: eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=im,dc=etadb
  4. Update the following IMPD entries. They contain attributes (eTDSADbHost, eTDSAHost) with old machine names.
    eTDSAName=im,eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb
    eTDSAName=im,eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=im,dc=etadb
  5. Remove entries representing old machines from under eTConfigParamFolderName=Servers,eTConfigParamContainerName=Parameters,eTConfigContainerName=Configuration,eTNamespaceName=CommonObjects,dc=im,dc=etadb
  6. Remove entries representing old machines from under dc=notify,dc=etadb
  7. Take extra care if the new IM installation is a newer version than the old installation. The metadata for some provisioning connectors may have changed, and the new connector versions will not work properly with the old metadata from IMPD. There may also be new provisioning connectors available in the newer version of IM. To handle this, we recommend installing or reinstalling the Java Connector Server (JCS); the metadata is upgraded during JCS installation.
  8. Using IM Provisioning Manager, update the IM inbound notification URL.
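
An added example (not from the original document or from the product's own tooling): a Python check to run over an LDIF export of the IMPD after steps 4 to 6, listing entries that still reference the old host name. The DNs and the eTDSAHost/eTDSADbHost attribute names come from the steps above; the host names and the child-entry RDNs in the sample are constructed, and the export is assumed to be plain LDIF without base64-encoded values.

```python
import re

# DNs and attribute names below are the ones named in steps 4 to 6.
UPDATE_DNS = {
    "etdsaname=im,etdsacontainername=dsas,etnamespacename=commonobjects,dc=etadb",
    "etdsaname=im,etdsacontainername=dsas,etnamespacename=commonobjects,dc=im,dc=etadb",
}
HOST_ATTRS = {"etdsahost", "etdsadbhost"}
REMOVE_BASES = (
    "etconfigparamfoldername=servers,etconfigparamcontainername=parameters,"
    "etconfigcontainername=configuration,etnamespacename=commonobjects,dc=im,dc=etadb",
    "dc=notify,dc=etadb",
)
# Constructed sample export; host names and child RDNs are hypothetical.
SAMPLE_LDIF = """\
dn: eTDSAName=im,eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=im,dc=etadb
eTDSAHost: oldimps01.example.test
eTDSADbHost: newimps01.example.test

dn: eTConfigParamFolderName=oldimps01,eTConfigParamFolderName=Servers,eTConfigParamContainerName=Parameters,eTConfigContainerName=Configuration,eTNamespaceName=CommonObjects,dc=im,dc=etadb
objectClass: top

dn: dc=newimps01,dc=notify,dc=etadb
objectClass: top
"""

def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) for each entry of a plain LDIF export."""
    unfolded = re.sub(r"\n ", "", text)  # join folded continuation lines
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        lines = [l for l in block.splitlines() if ":" in l and not l.startswith("#")]
        pairs = [tuple(s.strip() for s in l.split(":", 1)) for l in lines]
        if pairs and pairs[0][0].lower() == "dn":
            yield pairs[0][1], pairs[1:]

def audit(ldif_text, old_host):
    """Return (to_update, to_remove, other): leftover references to old_host."""
    old = old_host.lower()
    to_update, to_remove, other = [], [], []
    for dn, attrs in parse_ldif(ldif_text):
        n = re.sub(r"\s*([,=])\s*", r"\1", dn).lower()  # normalise DN spacing/case
        hits = [a for a, v in attrs if old in v.lower()]
        if n in UPDATE_DNS:  # step 4: host attributes to correct
            to_update += [(dn, a) for a in hits if a.lower() in HOST_ATTRS]
        elif any(n.endswith("," + b) for b in REMOVE_BASES) and (hits or old in n):
            to_remove.append(dn)  # steps 5 and 6: old-machine entries to remove
        elif hits:
            other += [(dn, a) for a in hits]  # anything else still naming the old host
    return to_update, to_remove, other
```

An empty result for all three lists means the export no longer names the old machine in the places this procedure covers.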

Comments

May 14, 2019 03:35 AM

Hi,

Interesting document.

Can we use this kind of procedure to directly migrate provisioning data between different versions (e.g. 12.6 to 14.2)?

Or do we have to use an interim server to run the update procedure and then migrate data?

Thanks

Fabrizio

May 03, 2019 01:07 AM

Thank you for your inputs on the Provisioning Directory migration documentation. We will update the document based on your feedback.

Regards

Shamlee
