000024294 - How to migrate the database from RSA ACE/Server 5.x or RSA Authentication Manager 6.x to new hardware or a newer version

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000024294
Applies To: RSA Authentication Manager
RSA ACE/Server
UNIX (AIX, HP-UX, Solaris)
Microsoft Windows
Issue: Migrate the database from RSA Authentication Manager 5.x/6.x to new hardware or to a newer version installation
Migrate the database from RSA ACE/Server 5.0.x to version 5.1/5.2
Migrate the database from RSA ACE/Server 5.1 to version 5.2 or RSA Authentication Manager 6.0
Migrate the database from RSA ACE/Server 5.2 to RSA Authentication Manager 6.0/6.1
Perform a fresh installation of RSA Authentication Manager 6.x or RSA ACE/Server 5.x on a replacement server, and then migrate the database from the production server to the replacement server.
Migrate the existing database from a production RSA ACE/Server greater than version 5.0.1 to a new installation. This assumes that RSA ACE/Server 5.2 has been installed successfully.
Migrate the existing database from a production RSA ACE/Server greater than version 5.1 to a new installation. This assumes that RSA ACE/Server 5.2 or RSA Authentication Manager 6.0 has been installed successfully.
Resolution: How to migrate the database from RSA ACE/Server 5.x or RSA Authentication Manager 6.x to new hardware or a newer version
Note: If a new or unknown license.rec file is present on the server, back it up in a different directory with a readme that describes the file. (Extra license.rec files should be limited and documented on an ACE/Server. You might have extra license files if you have had license upgrades to the system. In this case, at least one backup copy of license.rec exists in the data directory as license.old.)
Proceed to the appropriate section based on the server operating system: Windows or UNIX.

Windows
On the original primary RSA ACE/Server, do the following:
  1. Stop the server. Go to Start > Control Panel > RSA ACE/Server > Stop and wait for the broker service stopped message.
  2. Complete a database dump. For detailed instructions, see the section at the end called "How to create a database dump".
On the new primary RSA ACE/Server, do the following:
  1. Open a command prompt.
  2. Stop the server. Go to Start > Control Panel > RSA ACE/Server > Stop and wait for the broker service stopped message.
  3. Set the current directory to the RSA installation path: c:\ace
  4. Create a directory in \ace\ called legacy. Run:
    md legacy
  5. Copy the following files from the original RSA ACE/Server to the new directory \ace\legacy\:
    ace\data\license.rec
    ace\data\sdserv.dmp
    ace\data\sdlog.dmp (optional)


    Important: When you load a dump file, the license.rec file ensures that the dump file can be decrypted.

    Note: If you plan to start a new log database, omit sdlog.dmp.
     
  6. Clear the new primary RSA ACE/Server database.

    Important: If you are merging two existing RSA ACE/Server databases (for example, you need to preserve the current database and add new records from another database), skip this step.
     
    a. Run:
      \ace\prog\sdnewdb
    In the window that appears, select both log and server databases and click OK. This starts building the new databases.

    b. At the warning prompt that the databases exist, click Yes and click OK.

    c. Run:
      \ace\prog\sdrepmgmt add

    d. Enter the FQDN of the primary RSA ACE/Server (for example, primaryace.mydomain.com) and press ENTER.

    e. Accept the defaults for Replica Service Name, Startup Delay Interval, Replication Interval, Alias1, Alias2, and Alias3.

    f. Add the user to the database as the first admin. Run:
      \ace\prog\sdcreadm {{Administrator (windows) aceadmin (UNIX)}}
    To prevent a conflict, choose a unique user name that does not exist in your database.

  7. Load the server database:
     
    a. Run:
      \ace\prog\sdload

    b. Select the Server Database checkbox; browse to \ace\legacy\sdserv.dmp, select the Server database contains different license record checkbox, select the Merge records from checkbox, and click OK.

    c. When "Done" is the last line, click Close.

  8. Load the log database (optional):

    Note: Load the log database only after loading the server database, and load the file in its own cycle. Also, note that you cannot merge two log databases, or load the log database at the same time as the server database.
     
    a. Run:
      \ace\prog\sdnewdb

    b. In the window that appears, select the log database and click OK. This starts building the new databases.

    c. Run:
      \ace\prog\sdload

    d. Select the Log Database checkbox, browse to \ace\legacy\sdlog.dmp, and click OK.

    e. When "Done" is the last line, click Close.

  9. Start the RSA ACE/Server. Launch the ACE/Server applet in the Control Panel, and use the stop and start buttons.
  10. Open Database Administration Host Mode to see the changes to the database.
UNIX
On the original primary RSA ACE/Server, do the following:
  1. Stop the server:
     
    a. Run:
      ./aceserver stop

    b. Run:
      ./sdconnect shutdown

    c. Run:
      ps -ef | grep ace

    d. Verify that all processes are stopped.

  2. Complete a database dump. For detailed instructions, see the section at the end called "How to create a database dump".
On the new primary RSA ACE/Server, do the following:
  1. Create a directory under the /ace/ directory path called "leg" (short for legacy).
  2. Using FTP in binary mode, copy the following files from the original RSA ACE/Server to the corresponding location on the new primary server:
    ace/data/license.rec
    ace/data/sdserv.dmp
    ace/data/sdlog.dmp (optional)

     


    Important: When you load a dump file, the license.rec file ensures that the dump file can be decrypted.

    Note: If you plan to start a new log database, omit this file.
     
  3. Clear the new primary RSA ACE/Server database.

    Important: If you are merging two existing RSA ACE/Server databases (for example, you need to preserve the current database and add new records from another database), skip this step.
     
    a. Run:
      ./ace/prog/sdnewdb
    and choose all. This starts building the new databases.

    b. Run:
      ./sdrepmgmt add

    c. Enter the FQDN of the primary RSA ACE/Server (for example, primaryace.mydomain.com) and press ENTER.

    d. Accept the defaults for Replica Service Name, Startup Delay Interval, Replication Interval, Alias1, Alias2, and Alias3.

    e. Run:
      ./sdcreadm
    (This adds the file owner to the database as the first admin.)

  4. Load the server database. Run sdload from the /ace/data path, with the -s option to load the server database, -m for merge mode, -k if the server dump file was encrypted with a different license record, and optionally -l for the log database.

    The following are examples:

      ../prog/sdload -s -m -f /ace/leg/sdserv.dmp -k /ace/leg/license.rec

      ../prog/sdload -s -m -f /ace/leg/sdserv.dmp -l /ace/leg/sdlog.dmp -k /ace/leg/license.rec
     
  5. Start the server to verify the database:
     
    a. Set the current directory to /ace/prog.

    b. Run:
      ./sdconnect start

    c. Run:
      ./aceserver start

    d. Run:
      ./sdadmin
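
A pre-flight check for the UNIX procedure above, as an added example (not RSA code): it confirms that the files staged in /ace/leg arrived intact before sdload is run, then prints the sdload line in the form shown in step 4. The manifest name leg.cksum and the function names are assumptions; cksum catches transfer corruption such as an ASCII-mode FTP copy, not deliberate tampering.

```shell
#!/bin/sh
# Added example (not RSA code). /ace/leg and the sdload options come from the
# procedure above; leg.cksum and the function names are assumptions.

# Original server: record a POSIX cksum for each file to be transferred.
make_manifest() {
    ( cd "$1" || exit 1
      for f in license.rec sdserv.dmp sdlog.dmp; do
          if [ -f "$f" ]; then cksum "$f"; fi
      done > leg.cksum )
}

# New server: required files present, and every transferred file unchanged.
verify_staging() {
    dir=$1
    for f in license.rec sdserv.dmp; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    [ -f "$dir/leg.cksum" ] || { echo "manifest not transferred" >&2; return 1; }
    ( cd "$dir" || exit 1
      while read -r sum size name; do
          # A mismatch here can come from, e.g., an ASCII-mode FTP transfer.
          [ "$(cksum "$name" 2>/dev/null)" = "$sum $size $name" ] || {
              echo "checksum mismatch: $name" >&2; exit 1; }
      done < leg.cksum )
}

# Print (not run) the sdload line; -l is added only when sdlog.dmp is staged.
build_sdload_cmd() {
    dir=$1
    cmd="../prog/sdload -s -m -f $dir/sdserv.dmp"
    if [ -s "$dir/sdlog.dmp" ]; then cmd="$cmd -l $dir/sdlog.dmp"; fi
    echo "$cmd -k $dir/license.rec"
}

# Constructed demo: stand-in files in a temp directory, not real dump data.
demo=$(mktemp -d)
printf 'constructed-license' > "$demo/license.rec"
printf 'constructed-dump\r\n' > "$demo/sdserv.dmp"
make_manifest "$demo"
verify_staging "$demo" && build_sdload_cmd "$demo"
rm -rf "$demo"
```

In use, run make_manifest against the data directory on the original server after sddump, transfer leg.cksum together with the other files, and run verify_staging on /ace/leg on the new server.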

How to create a database dump
To create the sdserv.dmp file:
  1. Stop the production RSA ACE/Server. (For instructions, use the same procedure that appears at the beginning of the database migration procedure for the server operating system.)
  2. From the command prompt, set the current directory to ace\prog.
  3. Run the sdcmprss.exe (Windows) or sdcompress -s (UNIX) command, select only the server database, and click OK.
    (This step ensures that you have a clean and upgrade-capable database. This is recommended as a safety step but is not always required.)
  4. Run the sddump utility.
     
    Windows: ace\prog\sddump.exe
    UNIX: ./sddump


    Select the server database, but do not select any options because they limit the data that is written to the dump. You may optionally select the log database, but it is not required. Click OK to dump the database.
  5. From the production server, copy the following files:
    ace\data\sdserv.dmp
    ace\data\license.rec
    ace\data\sdlog.dmp (optional)

Notes: RSA supports database migration only from the 2 most recent versions forward. This means that if you have RSA ACE/Server 5.0.4, you must upgrade to version 5.1 or 5.2 prior to upgrading or migrating the database to RSA Authentication Manager 6.0.
Legacy Article ID: a21468
