CoreBlox: Planning Your Upgrade to CA SiteMinder R12

CA SiteMinder r12 is on the horizon, and soon your organization will learn the date when your current SiteMinder version will no longer be supported. The time is now to start planning for this day and your eventual upgrade.

CA SiteMinder Internet Access Manager R12 improves upon the functionality available in SiteMinder 6.x in several areas. In addition to fine-grained delegation through the new administration user interface, R12 improves directory mapping, adds support for web services, bundles federation support previously only available through the Option Pack and introduces fine-grained authentication capabilities. While these features warrant upgrade consideration on their own, an eventual end-of-life of SiteMinder 6.x will require an upgrade of your existing environment.

As you begin the process of upgrading your environment to R12, careful consideration is required to make sure the migration goes smoothly. New components like an application server are required and even the way policies are stored has changed with the addition of the extended policy objects. SiteMinder deployments provide mission critical functionality and the upgrade must be completed with minimal risk or downtime. To ensure a smooth upgrade path, ensure that you spend sufficient time planning for each phase of the move to SiteMinder R12.

Your Upgrade Strategy

As you look at your strategy for upgrading to SiteMinder R12, you need to consider the following:

Make sure that you have detailed information on each component of your SiteMinder environment
Understand your maintenance windows
Ensure that you have a good recovery and rollback plan
Map out the upgrade order of the components
Analysis

When breaking down your existing SiteMinder environment, keep in mind the following SiteMinder components:

There are several things to consider as you analyze your current environment. Make sure that you minimally have the following details:

The number of policy servers and agents you have deployed and the versions of each component. The audit logs on the policy servers can be reviewed to capture this information.
Which policy servers are being used by each agent. While the host config object can provide some details here, don't forget that the SmHost.conf file contains the bootstrap policy server for the agent and that information is not stored centrally. You can use the audit logs to help narrow this down further.
Determine if your agents are operating in failover or round-robin modes and which agents are providing single sign-on for unified applications. Careful review of the upgrade documentation is required to ensure that single sign-on and correct handling of failover and round-robin modes are maintained during the upgrade process.
Determine which authentication schemes are being used and ensure that there are no required configuration changes for those authentication schemes.
Map out all your 3rd-party and custom components. You will want to validate that your 3rd-party components are compatible with R12. Any custom components will require testing and may need to be recompiled.
Spending the time to collect this information will allow you to map out a detailed plan. You can combine this with information on your maintenance windows and off-peak times to minimize the upgrade impact and reduce risk.

Recovery Strategy

If you have the luxury of standing-up another environment and then migrating over to your new systems, recovery is simply a matter of switching back to the old environment. Similarly if you are using VMWare or similar virtualized systems, this give you the flexibility or taking your existing image, upgrading it and then deploying it while being able to roll back to the old image if needed. If you're like most of us, the only way to do this is inline. Before upgrading, be sure to backup. Aside from backing up the machine, make sure you backup the following:

Policy store using smobjexport
Configuration files like the WebAgent.conf conf, SmHost.conf customized forms and other FCC's, etc.
Web Server configuration files like Apache's httpd.conf
Upgrade Plan

Once you have completed the analysis of the environment put together a plan that ensures that all components in the environment will remain compatible. The typical approach is to upgrade the policy servers first and then the web agents. This may change depending on the version of the agents deployed. Once you have run the installer for R12, you can't revert back without uninstalling. So, make sure that you've mapped out a strong recovery strategy.

Make sure that you have tested the upgrade in several environments prior to rolling this out to production. Having a well documented and tested strategy takes some time to put together, but the reduced risk and post-upgrade issues is well worth the investment.

For a limited time, CoreBlox is offering a free consultation on ways you can prepare for your SiteMinder r12 upgrade. We'll visit your site and meet with your infrastructure team to gain an understanding of your environment, including user stores, policy stores, LDAP and database directories. Please visit our web site for more information.

Share:


Tags: consulting, security, siteminder


About CoreBlox Inc.

View Website

David Saraiva
Press Contact, CoreBlox Inc.
CoreBlox Inc.
24 Longview Rd
Framingham, MA 01701
United States