SiteMinder : Policy Store data export and import strategy planning
search cancel

SiteMinder : Policy Store data export and import strategy planning

book

Article ID: 192002

calendar_today

Updated On: 12-27-2024

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

Best Practices :  When running 2 sets of Policy Stores, what's the best way to make sure that both Policy Stores set has the same data?

 

Environment

Policy Server 12.8.x

Resolution

At first glance, the best way to do it is to use the vendor Policy Store LDAP tools to duplicate the data and import them in the other Policy Stores.

Example : ODSEE Policy Stores. Replication between 2 instances are usually the way to do this.

A community thread reply to the same request, but with CA Directory as Policy Store. That seems to work fine (1).

https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=800074#bm67de3615-1049-400e-a9b1-7d3619517eb3

If both Policy Store instances are planned to be in a separate environment, XPSExport can be used too. Make sure that the Policy Store data are 100% healthy before doing this to avoid unexpected results when importing the data (2).

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading/correct-integrity-errors-of-policy-store.html

It's highly recommended to test the Policy Store duplication in a lower environment before bringing the modification to Production.

 

Additional Information