Chapter 2. Planning 63
Figure 2-12 Standby Policy Server configuration using a load balancer
Access Manager is designed for scalability as well as availability. Scalability of
Access Manager enables good growth in size of future capacities by allowing you
to add additional components of the same sort and providing smart load
balancing mechanisms to perfectly utilize these new components.
2.7 Upgrade considerations
Access Manager is a complex solution that uses many components and relies on
many dependencies. The process of upgrading IBM Tivoli Access Manager to
Version 6.0 requires you to consider the interdependencies among the various
Tivoli Access Manager components and other software components on which
the system depends. There are many different ways to deploy Tivoli Access
Manager components. IBM Tivoli Access Manager for e-business Upgrade
Guide Version 6.0, SC32-1703 presents specific scenarios that cover a large
portion of Tivoli Access Manager deployments.
The following steps describe, at a high-level, the activities for upgrading an
Access Manager for e-business environment:
1. The first step in any upgrade or migration process is to back up all
components of the current system. A backup should be done for every server
that contains any Access Manager components using the standard Access
Primary
Policy Server
PDRTE PDRTE
Standby
Policy Server
Load Balancer
(Monitoring HTTPS on 7135)
Other AM
Components
PDRTE
Other AM
Components
PDRTE
Primary – OK
Standby- Down
Shared Storage
Primary
Policy Server
PDRTE PDRTE
Standby
Policy Server
Load Balancer
(Monitoring HTTPS on 7135)
Other AM
Components
PDRTE
Other AM
Components
PDRTE
Other AM
Components
PDRTE
Other AM
Components
PDRTE
Primary – OK
Standby- Down
Shared Storage
64 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
Manager tool for backup and restore operations pdbackup. Along with this
step, it is very important to back up the user registry using appropriate backup
tools that come with the product. If you encounter a problem when migrating
to Tivoli Access Manager 6.0, you might need to restore the system to its prior
level.
2. Upgrade the user registry to the level that is supported by Access Manager
V6.0. IBM Tivoli Directory Server 6.0 is the only supported registry that does
not require additional configuration after upgrading. For all other supported
registries (including previous version of IBM Tivoli Directory Server), the
LDAP schema needs to be manually updated to support Access
Manager 6.0. Use the ivrgy_tool to update the schema. If your user registry
is Microsoft Active Directory, the upgrade needs to be performed in two steps:
a. Update the data model using the adreg_migrate utility. This tool adds and
modifies Microsoft Active Directory ACL/ACE for Tivoli Access Manager
users and groups.
b. Update the schema from the previous release to Tivoli Access Manager
6.0 using adschema_update.
3. Back up your Policy Server. Tivoli Access Manager supports an upgrade of
the Policy Server to version 6.0 either on the same system, or using two
separate systems — your current Policy Server system and a second, clean
system for the new 6.0 Policy Server. The two-system approach is not
supported if you are using Microsoft Active Directory or Lotus Notes® Server
as your user registry. The two-system approach provides the ability to keep
your current Policy Server functioning as you set up and test a new 6.0 Policy
Server system. This approach provides a shorter system downtime, but it is
more expensive since it requires additional hardware. If you encounter a
problem when upgrading using two systems, take the Access Manager 6.0
Policy Server offline.
4. The upgrade of Access Manager core components is now finished. We can
approach the upgrade of the remaining systems:
– WebSEAL
– Authorization Servers
– Policy Proxy Servers and so on
Note: If you did not perform the installation using the IBM Tivoli Directory
Server installation wizard, you need to manually perform a Directory
Server migration from the previous release. This can be done using the
Instance Administration Tool (started with the command idsxinst), or
using the idsimigr utility for command-line migration.
Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
