AnsweredAssumed Answered

RE: upgrading SiteMinder Proxy server to version r12.52.

Question asked by Mark.ODonohue Employee on Feb 17, 2014
Latest reply on Mar 7, 2014 by naveenpaul1987

Hi Naveen

 

You wrote: 

naveenpaul1987:

Hi All,

 I have a requirement of upgrading SiteMinder Proxy server version r12.5 to r12.52.   I ahve following queries regarding the upgradation.

1.       If I upgrade SPS what all are the re-configurations I will have to do?  Do I need to make any configuration with SIteminder Policy Server ? Do I need to re-register SPS with SM Policy Server ?

2.       Are there any  other affected components?

Any response at the earliest will  be much appreciated.

 

In my experience, the best way to do an upgrade of SPS (and recent experience confirms this with a R12.5 to R12.52 upgrade as well) is to backup the existing SPS install, (using tar or zip), make a fresh SPS install (you most likely will need to do an uninstall and reinstall), and the use diff to reapply to configuration changes to the newly installed instance.

The steps we've followed are :

  1. Backup exisitng system (particularly note httpd/conf and proxy-engine/conf directories since these hold most of the configuration) - use tar or zip.
     
  2. Uninstall, this will reset some /etc/CA/ file settings, 
     
  3. Install as per new instance - you do  not need to do host registration.
     
  4. run a diff utility over the httpd config files (diff -U for unix or windiff or similar on Windows).You will find you need to transfer about 4-6 lines of local configuration, depending if you have SSL enabled or not.
    1. httpd/conf/httpd.conf  
    2. httpd/conf/extra  (this is a recursive diff of a directory
  5. run diff utility over proxy-engine configuration (diff -U or windiff)
    1. proxy-engine/conf/server.conf
    You will find you need to transfer the virtual hosts xml areas, and possibly some settings.
     
  6. These files / directories can be directly copied over to the new area (but a diff does not hurt you will find WebAgent.conf has different comments that identify agent version, and some extra dll's that are commented out in default).
    1. proxy-engine/conf/proxyrules.xml 
    2. proxy-enigine/conf/defaultagent  (directory)
    3. (any other "agent" directory if you have multiple agent instances)
    The proxyrules.xml will be your rules, and the defaultagent and any other agents you have installed will then retain their ACO, SmHost.conf and all their existing settings.

If you have some customized scripts, such as proxyengine.sh settings, then again a diff on the directory is the best way to confirm what is different and you can then review these files.

That is the process I've used on several occasions and the changes to transfer configuration are fairly simple.  Running the SPS upgrade has (in my experience) often ended up with broken configuration files or new features not working since it is using old configuration files.

I would recomend If you are running an upgrade (either scripted, or manually as above), then test the upgrade process in lesser environment, several times until all the steps are known, before applying it to your production environment (and take a backup of the original prod one for reference). 

Hope that helps.

Cheers - Mark

(Note: no policy server changes are required to get the same functionality, if you which to say, start using proxyui if you were not previosuly, or start using webservices, ie start using new features, then those do require entry of some additional policy server configuration )

Outcomes