When planning an upgrade of Siteminder environment as In-place, one
might like to know the order of the upgrade of Policy Stores and
Policy Servers.

Note that in this scenario it's needed to upgrade the Policy Store
software, as the current version is not supported with the new Policy
Server version.

Policy Server 12.7;
Policy Store on CA Directory 12.6;

At first glance, according to documentation, upgrade first the Policy
Servers and then the Policy Store data. The Policy Servers can run
with old Policy Store data (1).

As per 12.7 Support Matrix, the Policy Server 12.7 are supported with
CA Directory 14.0 (2).
   
As such, first upgrade the CA Directory to 14.0, and then upgrade
Siteminder as In-Place to 12.8.

We strongly suggest you to test the upgrade plan in lower environment
in order to validate it.

(1)

    Upgrade Order for In-place Upgrade

      To migrate a deployment with multiple Policy Servers and agents,
      remove one of the components from the environment. While the
      component is being upgraded, the remaining components continue
      to protect resources. Continue removing and upgrading components
      until all components are upgraded or operating in mixed-mode
      compatibility.

      The following figures show a simple r12.5x environment. The
      stages detail the order in which existing components are
      upgraded. Each figure depicts a single policy store and key
      store. However, a deployment can use separate policy and key
      stores.

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading/in-place-upgrade.html

(2)

    2.3 Database and Directory Systems

      | Data Store System   | Version    | Policy |
      |                     |            | Store  |
      |---------------------+------------+--------|
      | CA Directory Server | 12.x, 14.0 | Yes    |

      p.4

    https://ftpdocs.broadcom.com/WebInterface/phpdocs/7/5262/5262-12-7-platform-support-matrix.pdf