Migration into Symantec Identity Suite v15 using Mogrify migration utility
Article ID: 408419
Updated On:
Products
Issue/Introduction
This document will demonstrate using the Mogrify migration utility to migrate from an existing 14.x Identity Suite deployment into a newly deployed V15 environment.
Environment
Symantec IGA Xpress
Symantec Identity Suite
V15
Resolution
Table of Contents
This will be a simple demonstration of migrating from a 14.5.1 Virtual Appliance into a V15 Identity Suite environment.
Be aware in a non-VAPP based environment there are some additional steps. Specifically youll need to update the <extracted_path>\mogrify-<version>\conf\mogrify_config.properties file with pathing and other configuration settings based on your environment and choose which services to export from each server in a cluster.
Ensure you do not specify a service that is not deployed. For example with a 2 node cluster with:
Node1 = Identity Manager, Identity Governance, and Identity Portal, in mogify_config.properties the list.srv.export should = "IM, IG, IP"
Node2 = Provisioning Server, Provisioning Directory, Userstore in mogify_config.properties the list.srv.export should = "PS, PD, US"
See the Migration Documentation for additional details.
Brief Deployment and Mogrify overview playlist:
Symantec IGA 15 training series
PREPARE FOR MIGRATION
1. Copy the mogrify zip to all nodes of the Source environment, and onto the first node of the Destination environment. Unzip to the same directory structure on all nodes.
In a multiple node deployment the mogrify/export/ folder will be copied from the first node to each of the other nodes to allow it to fully gather environment configuration.
For this demo the mogrify.zip is placed into /tmp/ folder on SOURCE and TARGET systems.
2. Gather Passwords from Source System - The migration does not migrate Passwords and they will have to be entered on the Target deployment. Passwords to record:
DSA Admin and IMPS Admin passwords for Provisioning Directory,
DSA Admin password for User Store,
SiteMinder Admin and Agent Secrets,
and Database Passwords.
3. If using a new Database Server, work with DBA to migrate the databases into the new server and gather the JDBC connection information.
SOURCE ENVIRONMENT ACTIONS
All in one VAPP deployment or other single node deployment:
1. Extract the mogrify-<version> file.
$>unzip mogrify-<version>.zip
2. Run the migration script, mogrify.bat for windows, and mogrify.sh for VAPP and linux deployments:
$> tmp/mogrify-<version>./mogrify.sh
Tool exports existing configuration and data suitable to v15!, Do you want to proceed (y/n):Enter "y"
[Applicable only to the standalone deployments] Is this a clustered environment (y/n):Enter "y" for clustered and "n" for standalone.
Enter "y"
Do you want to finalize configuration and data (zip) for export (y/n):If IGA services are distributed across source machines, you must run the tool on each of these machines to collect their configuration and/or data. You run the tool on a machine and carry the exported configuration and/or data (<extracted_path>\mogrify-<version>\export) to the other machine, and you continue this until you reach the final machine. The final machine includes configuration and/or data from all the source machines and stores at <extracted_path>\mogrify-<version>\export folder. If this is your final machine, enter "y" asking the tool to compress the export folder.
Enter "y"
The tool extracts the configuration and data to the <extracted_path>\mogrify-<version>\export\ folder and creates export.zip.
The <extracted_path>\mogrify-<version>\export\export.zip is ready to be copied to the TARGET environment.
Multiple node VAPP deployment or other multiple node clustered deployment
NODE 1:
1. Extract the mogrify-<version> file on 'node 1' where 'node 1' is the first VAPP deployment or in a non-VAPP environment any of the nodes.
$>unzip mogrify-<version>.zip
2. Run the migration script, mogrify.bat for windows, and mogrify.sh for VAPP and Linux deployments:
$> tmp/mogrify-<version>./mogrify.sh
Tool exports existing configuration and data suitable to v15!, Do you want to proceed (y/n):Enter "y"
[Applicable only to the standalone deployments] Is this a clustered environment (y/n):Enter "y" for clustered and "n" for standalone.
Enter "y"
Do you want to finalize configuration and data (zip) for export (y/n):If IGA services are distributed across source machines, you must run the tool on each of these machines to collect their configuration and/or data. You run the tool on a machine and carry the exported configuration and/or data (<extracted_path>\mogrify-<version>\export) to the other machine, and you continue this until you reach the final machine. The final machine includes configuration and/or data from all the source machines and stores at <extracted_path>\mogrify-<version>\export folder. If this is your final machine, enter "y" asking the tool to compress the export folder.
Enter "n"
The tool extracts the configuration and/or data to the <extracted_path>\mogrify-<version>\export\ folder.
Node 2, and subsequent nodes:
1. Copy the entire \mogrify-<version>\export\ folder from 'Node 1' to 'Node 2', then for subsequent nodes, from 'Node2' to 'Node3' in sequence using the same pathing.
In a non-vapp deployment adjust the list.srv.export in the mogify_config.properties file to reflect the deployed components.
2. Run the >./mogrify.sh
$> tmp/mogrify-<version>./mogrify.sh
Tool exports existing configuration and data suitable to v15!, Do you want to proceed (y/n):Enter "y"
[Applicable only to the standalone deployments] Is this a clustered environment (y/n):Enter "y" for clustered and "n" for standalone.
Enter "y"
Do you want to finalize configuration and data (zip) for export (y/n):If IGA services are distributed across source machines, you must run the tool on each of these machines to collect their configuration and/or data. You run the tool on a machine and carry the exported configuration and/or data (<extracted_path>\mogrify-<version>\export) to the other machine, and you continue this until you reach the final machine. The final machine includes configuration and/or data from all the source machines and stores at <extracted_path>\mogrify-<version>\export folder. If this is your final machine, enter "y" asking the tool to compress the export folder.
Enter "n"
The tool extracts the configuration and/or data and adds to the existing data in the <extracted_path>\mogrify-<version>\export\ folder.
FINAL Node:
1. Extract the mogrify-<version> file on 'Final Node'
$>unzip mogrify-<version>.zip
2. Run the migration script, mogrify.bat for windows, and mogrify.sh for VAPP and Linux deployments:
$> tmp/mogrify-<version>./mogrify.sh
Tool exports existing configuration and data suitable to v15!, Do you want to proceed (y/n):Enter "y"
[Applicable only to the standalone deployments] Is this a clustered environment (y/n):Enter "y" for clustered and "n" for standalone.
Enter "y"
Do you want to finalize configuration and data (zip) for export (y/n):If IGA services are distributed across source machines, you must run the tool on each of these machines to collect their configuration and/or data. You run the tool on a machine and carry the exported configuration and/or data (<extracted_path>\mogrify-<version>\export) to the other machine, and you continue this until you reach the final machine. The final machine includes configuration and/or data from all the source machines and stores at <extracted_path>\mogrify-<version>\export folder. If this is your final machine, enter "y" asking the tool to compress the export folder.
Enter "y"
Answering y to the 'finalize configuration' question will perform the export from the final node, add that to the existing data in the <extracted_path>\mogrify-<version>\export\ folder and creates export.zip.
The <extracted_path>\mogrify-<version>\export\export.zip now holds the configuration and data from all existing Source nodes and is ready to be copied to the TARGET environment.
TARGET ENVIRONMENT ACTIONS
Setup v15 nodes using IGA Xpress
1. Set up the target environment by deploying Symantec IGA using IGA Xpress as normal.
Add all clustered nodes before deploying services and importing Source data.
Stop once the Services circles have been deployed onto the available Nodes. All steps after deploying will be performed on the Primary Node.
Import the overall configuration
1. Copy the export.zip from the SOURCE machines onto the Primary node in the new IGA Xpress deployment.
2. Unzip the export zip file:
$> unzip <path>/export.zip
4. Restore the configuration on target by running the following command:
$> igactl restore <path>/export/igx_conf/bkp-conf.tar
Configure Services
1. Log in to the IGA Xpress console at https://<ip_address>:10443 as the igx user.
In the Services tab, you can now view the restored configuration under the respective service tabs. However, you must manually configure the following parameters:
SUITE KEY
Passwords are encrypted using the suite key, ensure that you first configure the suite key. Do not lose this suite key. If it is changed ALL passwords will have to be reentered.
PASSWORDS
The migration tool does not consider passwords for migration. You will need the Passwords from the SOURCE system.
DATASOURCES
(including custom datasources) passwords for Identity Manager, Identity Governance, and Identity Portal
DSA Admin and IMPS Admin passwords for Provisioning Directory
NOTE: These Passwords are from the SOURCE environment. Depending on the configuration of the SOURCE environment other changes may be required such as updating the IMPS Admin user.
DSA Admin password for User Store
NOTE: These Passwords are from the SOURCE environment. Depending on the configuration of the SOURCE environment other changes may be required such as updating the Base DN.
SiteMinder Admin and Agent Secrets
NOTE: These Passwords are from the SOURCE environment.
Suite Key and Suite Password
2. Generate a Suite Key, save it in a notepad.> openssl rand -base64 32
3. Enter that for the Suite key and set the Suite Password.
NOTE: The Suite Password is being set at this time. The Suite Password will be used for access to things such as the Identity Management Console (default user 'imadmin'), the Portal admin page (default user 'admin'), and Governance (default user 'AD1/EAdmin')
If the source Identity Manager is FIPS enabled, the FIPS key is automatically populated as the suite key.
If your deployment includes only Identity Governance, you can use the FIPS key that is stored at /opt/brcm/iga/conf/idg/legacy_key as the suite key.
Click Apply button.
Datasources
1. Update the Datasourse's for Identity Manager, Identity Governance and Identity Portal. The Source Environment JDBC URL details will be populated after the restore scripts are run.
If using the SAME database, enter the Password for each of the Databases on the Datasources tab.
If using a NEW database, update the JDBC URL with the new Database Location and set the Password.
After updating all Datasource's for each Application Service, click the Save to Cluster then the Apply button before switching to the next Application Service:
2. If you have added any CUSTOM Datasources, the Custom Datasources will need to be reviewed and at minimum the database Password entered.
Provisioning Directory Passwords
1. For the Provisioning Directory, set the DSA Admin and IMPS Admin passwords click Save to Cluster, and then Apply
NOTE: These Passwords are from the SOURCE environment. Depending on the configuration of the SOURCE environment other changes may be required such as updating the IMPS Admin user.
Userstore Password
1. For the Userstore, set the DSA Admin password click Save to Cluster, and then Apply
NOTE: These Passwords are from the SOURCE environment. Depending on the configuration of the SOURCE environment other changes may be required such as updating the Base DN.
Siteminder
1. If you use SITEMINDER, under the Identity Manager Service, click the Siteminder tab and set the SiteMinder Admin and Agent Secrets click Save to Cluster, and then Apply
Import User and Provisioning Store data from Source Environment
1. Import UserStore:
$>igactl restore <path>/export/ustore_data/bkp-ustore-data.tar
2. Import Provisioning Store:
$>igactl restore <path>/export/impd_data/bkp-impd-data.tar
RESTART CLUSTER TO FINALIZE MIGRATION
1. Restart cluster by clicking the Restart Cluster icon under the Cluster tab in the IGA Xpress console.
POST INSTALLATION TASKS
Migrating Reports
Migrating custom Drivers
This can also include external changes such as updating Load Balancer or DNS addresses.
Additional Information
The tool extracts the configuration and/or data to the <extracted_path>\mogrify-<version>\export folder. If your input is "y" in the finalize configuration step, the tool compresses the export folder (.zip). The configuration and data are backed up in the following folders:
Configuration --> <extracted_path>\mogrify-<version>\export\igx_conf\bkp-conf.tar
Provisioning Directory Data --> <extracted_path>\mogrify-<version>\export\impd_data\bkp-impd-data.tar
User Store Data --> <extracted_path>\mogrify-<version>\export\ustore_data\bkp-ustore-data.tar
After exporting all services, the <extracted_path>\mogrify-<version>\export.zip file contains the consolidated configuration and data from all services.
For more specifics on what mogrify is exporting for your environment see KB 421469 What Does Mogrify export from the Source System for migration into V15?
Feedback
