Symantec IGA

IDM Migration to Version 14.x

  • 1.  IDM Migration to Version 14.x

    Posted Aug 15, 2017 06:07 AM

    If a customer wants to migrate CA IDM version 12.6.x to version 14.x,
    I would like to know: is there anything to be concerned about?
    E.g. user data (there are more than 20,000 users in the system).
    How do we migrate the existing users currently in IDM to the new IDM?



  • 2.  Re: IDM Migration to Version 14.x

    Broadcom Employee
    Posted Aug 16, 2017 10:57 AM

    Hi Orawan,

     

    I believe it's different whether you upgrade from IDM 12.6x to the virtual appliance or if you upgrade to a stand-alone IDM 14.x.  Which one is it?  

     

    Thanks,

    Sagi



  • 3.  Re: IDM Migration to Version 14.x

    Posted Aug 17, 2017 11:22 PM

    Hi Sagi,

    They will migrate from IDM v12.6.x to the new virtual appliance IDM v14.

    I'm not sure of the process to do that, or whether there is anything to be concerned about.

     

    Thanks,

    Ann.



  • 4.  Re: IDM Migration to Version 14.x

    Broadcom Employee
    Posted Aug 18, 2017 11:41 AM

    Hi Ann,

     

    The documentation on vApp v14 is at:

    CA Identity Suite - Virtual Appliance - CA Identity Suite - 14.0 - CA Technologies Documentation 

     

    With regard to your original question: 

    You should know that the vApp creates a prenamed IDM environment, so part of your migration should be to move your users to the vApp user store and make sure to get all the IDM definitions/roles/tasks/policies you have in your older 12.6 IME into the new vApp 14.x IME.

     

    Thanks,

    Sagi



  • 5.  Re: IDM Migration to Version 14.x

    Posted Aug 18, 2017 03:04 PM

    Does vApp allow authentication against a third-party LDAP like Active Directory?



  • 6.  Re: IDM Migration to Version 14.x

    Broadcom Employee
    Posted Aug 18, 2017 04:22 PM

    IDM itself only has CA Directory as its user store. However, I am unsure, but if you integrate with SiteMinder, then it may be possible that SiteMinder can authenticate users off any user directory; IDM's own directory will still be CA Dir.

     

    Sagi



  • 7.  Re: IDM Migration to Version 14.x

    Posted Aug 20, 2017 10:38 PM

    Hi Sagi,

     

    We are not upgrading from IDM 12.6 to 14.1. The latest IDM version will be installed and configured with a configuration similar to the old one. The main concern is migrating data from the existing system to CA IDM 14.1. What data do we need to import, and how do we do it?



  • 8.  Re: IDM Migration to Version 14.x

    Broadcom Employee
    Posted Aug 18, 2017 09:21 AM

    Sagi_Gabay, please remember to come back here to further the conversation.

     

    Thanks,

    Bill



  • 9.  Re: IDM Migration to Version 14.x
    Best Answer

    Broadcom Employee
    Posted Aug 21, 2017 02:35 AM

    Some points to consider when migrating to an appliance-based Identity Suite solution:

    1. The vApp uses a fixed named environment (IdentityEnv).
    2. The user objectClass is imUser (with an option to extend to imUserAux for additional attributes).

    So, to migrate an existing environment, the following actions need to be done. The optional parts depend on the changes in the user store between the current environment and the new one:

    1. Map the attributes from your old environment to your new environment.
    2. Optionally: Add additional attributes to the imUserAux class and the user store XML.
    3. Optionally: In the export of the RoleDef XML from the old environment, replace any changed attribute names.
      I would recommend checking the VST for tasks executed in the last ~1 year to identify which tasks need to be migrated.
    4. Optionally: Update the provisioning attribute mapping in the environment settings XML.
    5. Optionally: Update attribute names in any custom code or scripts used.

    Some notes:

    • Audit and VST will not be migrated.
    • I would recommend completing all workflows to migration.

     

    Gil
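
An added example, not part of the original thread and not CA/Broadcom tooling: one way to apply the attribute mapping from steps 1 and 2 above to an LDIF export of the old user store, rewriting entries to the imUser class (plus imUserAux when an extension attribute is present) and reporting attributes that have no mapping instead of dropping them silently. The attribute names, `imDept`, the DNs and the base DN are constructed assumptions; only `imUser` and `imUserAux` come from the post.

```python
# Added example. The attribute names, DNs and mapping are constructed, not a real schema.
ATTR_MAP = {"uid": "uid", "cn": "cn", "mail": "mail",   # old name (lowercase) -> new name
            "custdept": "imDept"}                       # imDept: hypothetical extension attribute
AUX_ATTRS = {"imDept"}                     # attributes that live in imUserAux
NEW_BASE = "ou=people,dc=example,dc=com"   # constructed; use the vApp user store base DN

SAMPLE = """\
dn: uid=jdoe,ou=users,o=oldcorp
objectClass: inetOrgPerson
uid: jdoe
cn: Jane Doe
custDept: Finance
pager: 555-0100

dn: uid=asmith,ou=users,o=oldcorp
objectClass: inetOrgPerson
uid: asmith
cn:: QW5uIFNtaXRo
"""

def parse_ldif(text):
    """Yield (dn, [(attr, sep, value)]) per entry, unfolding continuation lines."""
    for block in text.replace("\n ", "").strip().split("\n\n"):
        pairs = []
        for line in (l for l in block.splitlines() if l and not l.startswith("#")):
            attr, _, rest = line.partition(":")
            sep = "::" if rest.startswith(":") else ":"   # '::' marks a base64 value
            pairs.append((attr, sep, rest.lstrip(":").strip()))
        if pairs and pairs[0][0].lower() == "dn":
            yield pairs[0][2], pairs[1:]

def migrate(text):
    """Return (new_ldif, unmapped); unmapped maps old DN -> attributes with no mapping."""
    out, unmapped = [], {}
    for dn, pairs in parse_ldif(text):
        classes, body = ["imUser"], []
        for attr, sep, value in pairs:
            if attr.lower() == "objectclass":
                continue                       # old classes are replaced, not copied
            new = ATTR_MAP.get(attr.lower())
            if new is None:
                unmapped.setdefault(dn, []).append(attr)   # report, never drop silently
                continue
            if new in AUX_ATTRS and "imUserAux" not in classes:
                classes.append("imUserAux")
            body.append(f"{new}{sep} {value}")
        rdn = dn.split(",", 1)[0]              # assumes no escaped comma in the RDN
        head = [f"dn: {rdn},{NEW_BASE}"] + [f"objectClass: {c}" for c in classes]
        out.append("\n".join(head + body))
    return "\n\n".join(out) + "\n", unmapped
```

Calling `migrate(SAMPLE)` returns the rewritten LDIF and a dictionary of unmapped attributes per old DN; review that dictionary before importing, since every entry in it is data that would otherwise be lost in the move.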



  • 10.  Re: IDM Migration to Version 14.x

    Broadcom Employee
    Posted Oct 09, 2017 01:57 PM

    Hi

     

    A customer has some concerns about upgrading from 12.6.8 to 14.1, so if someone can comment:

     

    We are evaluating our customer's request for an upgrade of the CA IDM platform, which should involve:
    - upgrade of CA IDM from version 12.6.8 (current) to version 14.1
    - splitting of CA IDM server components across 5 servers
    - splitting databases across more DB servers
    - upgrade of the OS to run CA IDM on Windows Server 2016 (now it runs on Windows Server 2008R2)

    Also, there is a constraint to keep the original environment intact for archival purposes.

    We tried to outline the upgrade from the release notes and we’ve learnt that:
    CA IDM 14.1 can run on Windows 2012/2012R2/2016
    CA IDM 12.6.8 can run on Windows 2008/2008R2/2012/2012R2
    CA IDM supplies an update script that can be used after the upgrade to update data

    From this it is not clear to us whether there is a supported way to perform the mentioned upgrade-migration, since from the release notes it seems that:
    the upgrade of CA IDM can be done only “in-place”, which violates the customer's request to conserve the original platform
    data migration can be done only to a platform with the same CA IDM version (due to changed data structures?)
    the only common compatible version of Windows for both versions of CA IDM is 2012/2012R2, which is not helpful because the target should be Windows Server 2016

    The general idea was to perform the following steps:
    1) install the new platform on a Windows 2016 server and install CA IDM v 12.6 there
    2) import data from the original platform to the new platform created in step 1
    3) upgrade the new platform to CA IDM version 14.1
    4) upgrade data to version 14.1

    While this is the only way we could think of so far that would fulfill all of the customer's requests and constraints, it is probably not possible due to the issue with IDM 12.6 not being compatible with Windows Server 2016.

    Could you please advise if and how such an upgrade/migration is possible under the current constraints?

     

    Thanks



  • 11.  Re: IDM Migration to Version 14.x

    Broadcom Employee
    Posted Oct 18, 2017 04:39 AM

    My original answer was focused on migrating to a vApp environment; your scenario is server-based, so the answer will be slightly different.

     

    If the need is to keep the old environment as is, the best path is to replicate it (DB, Directory and application) to a contained and firewalled VM network. This will help to maintain existing IPs and reduce the risk of the provisioning server accidentally accessing endpoints. You might need to update the host files on the servers to maintain name resolution.

    You can then proceed to upgrade the existing environment, and have the extra benefit of the replicated system as a roll-back option.

     

    The second option is to follow the path I described for the vApp, only use a server-based installation. In this scenario all audit information will be available on the old system only.