000012384 - AxM - Need ClearTrust 5.5.3 to Access Manager 6.0.4 upgrade information and files for Solaris

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012384
Applies ToAccess Manager 6.0.4
ClearTrust 5.5.x
SUN Solaris
IssueAxM - Need ClearTrust 5.5.3 to Access Manager 6.0.4 upgrade information and files for Solaris
ClearTrust End Of Life is December of 2009 and customers require some tips on the upgrade process and the materials required. As with any installation and upgrade, the Installation and Configuration guides , readmes and release notes should be referenced as well.   Customers upgrading from 5.5.x to 6.0.4 on the Solaris platform.
Resolution

Instructions to upgrade from ClearTrust 5.5.x to Access Manager 6.0.4 for Solaris

One of the most important issues when upgrading from 5.5.x to 6.0.4 is the backend Schema changes.  With LDAP datastores, the original release of Access Manager 6.0 introduced an issue with the LDAP schema upgrade.  The Access Manager 6.0.4 patch kit and a corrected ldap_55_to_60.sh file are required to upgrade the LDAP schema.  Backup your datastore before performing any upgrades

This is the link to the full installation of Access Manager 6.0 for all platforms:
ftp.rsasecurity.com/support/hotfixes/accmgr/servers/6.0.x/AXM60.zip

Optional components which are provided with Access Manager 6.0 are available at these links. They are not required for Access Manager operation:
BEA Weblogic9.2
ftp.rsasecurity.com/support/hotfixes/accmgr/servers/6.0.x/BeaWL92.zip
RSA Certificate Manager 6.7
ftp.rsasecurity.com/support/hotfixes/accmgr/servers/6.0.x/CERTMANAGER67.zip

When running the Access Manager 6.0 server installation, the automated upgrades scripts will try and migrate the 5.5.3 settings to the new configuration, but may not be able to accommodate configuration files that have been heavily modified. A more successful result may be obtained by using the 6.0 configuration files and migrating the 5.5.3 settings over manually.  There are additional settings in the 6.0 files that were introduced as hot fixes and new features.

Manually copy over the keyserver.sec and keyclient.sec files from the $CT_HOME/var directory as well as the license.xml and optional Java JKS or p12 keystores that are in the $CT_HOME/conf directory.
 
Obtain and install the Access Manager 6.04 patch for Solaris. The single distribution supports both 32 and 64 bit JRE. It is available here:
ftp.rsasecurity.com/support/hotfixes/accmgr/servers/6.0.x/axm-server-6.0.4-solaris-sparc.tar.gz

A new feature of Access Manager 6.0.4 provides support for RSA Adaptive Auth Server products.   The 6.04 pack provides additional jars which are specific to Adaptive Auth.  Copy all the jars in the /lib directory as instructed in the readme.txt and release notes that come with the 6.0.4 patch.

Re-deploy the latest Access Manager 6.0.4 admingui.war file. It is located in the /webapps directory of the 6.0.4 patch kit.   

Replace the java JRE located in $CT_HOME/jre directory installed by 6.0 with that provided with the 6.0.4 patch.  It is located in the /dst directory of the 6.0.4 patch kit.    The new jre provides support for all current DST requirements and both 32 and 64 bit hardware with the same distribution.

Obtain the corrected ldap_55_to_60.sh file to upgrade the LDAP schema.  Follow the schema update instructions in the Access Manager 6.0 upgrade.pdf file using this replacement ldap_55_to_60.sh file.
Note: If upgrading SQL schema then this file is not required. Use the sql schema update files supplied with the original Access Manager 6.0 install package.
ftp.rsasecurity.com/support/hotfixes/accmgr/servers/6.0.x/axm-server-6.0.4.13.zip

Obtain the latest 6.0.4 hot fix of the components.  Currently only the cleartrust.jar has been updated. The latest Cleartrust.jar is available here:
ftp.rsasecurity.com/support/hotfixes/accmgr/servers/6.0.x/axm-server-6.0.4.11.zip

Compare the startup script .sh  files in the $CT_HOME/bin directory in both  installs 5.5.3 and 6.0, especially the aserver.sh. Check the java heap setting ?Xmx, 128m is too low, 256 is the minimum. Use a higher value if found in the 5.5.3 settings.  Do not carry over any additional custom java directives for garbage collectors.  The 1.5 JRE used by Access Manager 6.0.4 has improved garbage collection facilities.

 

 

Legacy Article IDa44407

Attachments

    Outcomes