As an enterprise continues to embrase the virtualization technology, there comes the point when it may decide to move its existing on-prem CA Directory implementation to the cloud or at least partially to the cloud. The Directory Servers part of the implementation can be migrated from a set of servers to another new set of servers without a Management UI server. To manage the new set of servers using a new Management UI server is the focus of this article. 

CA Directory Management UI has two main components:

• Directory Manager, and
• SCIM Services

In addition, it provides two separate RestAPIs for these two main components.

Directory Manager is commonly referred as Management UI to distinguished it from the old DXmanager in the r12 releases.

This article focuses on migrating only the Directory Manager component to a new set of servers as part of a parallel migration of a complete set of CA Directory implementation.

After the migration, the new set of servers is assumed to work standalone without any interaction with the existing implementation and the existing implementation can then be safely retired.

Release: 14.1
Component: CA Directory

A likely scenario for the migration is to migrate an on-prem CA Directory implementation to a cloud infrastructure and vice versa.

CA Directory installation packages consist of the Directory Server package and Directory Manager package. The building of a new parallel Management UI server starts with the installation of the Management UI sing the Directory Manager package. In theory, we can import the existing Management UI repository into the new Management UI repository and gain all the deployment information immediately.

Why Not Migrating the Management UI Repository?

Even though the existing Management UI has a repository that contains the deployment information of the Directory servers that are being managed using the UI, to do a parallel migration, the following items are creating challenges for us to simply restore the existing data into the new Management UI repository:

• All DXagents need to be updated: a DXagent is known as a host within a Management UI Environment. It is identified by a name, a host address, a port number, a CA certificate, a Client Certificate, and a Client Key. For a parallel environment, only the name and likely the port number can be re-used. The other four pieces will need to be updated for a new equivalent Directory server and its DXagent.
• All the addresses used by all DSAs are most likely need to be changed. The way how Management UI works can easily create risks during the changes of them.

It is Relatively Easy to Rebuild the Management UI Repository

Assume all the DSAs have been ported to the new parallel servers, see

Migrate a CA Directory Linux Implementation to a New Set of Servers

Then we are now having a set of existing in-service directory servers in our hand and hence by following the article:

Use Management UI to Manage Existing In-Service Directory Servers

to recreate all the Environments and re-register all corresponding DXagents will do the trick as all the correct DSAs information will just be pulled into the new Management UI repository.

Once the new Management UI server is up and running correctly, if desire one can then following the product documentation link show below to setup the high availability of the additional Manager UI servers:

Set Up High Availability for Directory Management UI