Hi, there
our customer have purchased new RSA AM 8.4, which will be setuped on VMware EXSi, but need migrate configuration from the old hardware appliance whose version is 8.1 SP2.
I am not sure whether the migration can be process and how to migrate
old AM 8.1 SP2 was configured with LDAP server to read user databases and some users configured Radius attribute to bind to ASA user group.
thank you so much.
I am not sure what your starting version is, there is no 8.1 SP2. However, what needs to be done is: upgrade current version to target version, then can do a backup current primary/restore to target primary, and that will get the entire configuration onto 8.4. Then can install new 8.4 replicas (do not set up 8.4 replicas before restore or they will be cut-off and need to be set up again).
Backup and restore is version specific, the source and target versions must match exactly or restore will fail.
None of these can be skipped:
....lets say current version is 8.1 sp1. [8.1.1.0.0]
8.1.1.0.0 - upgrade to 8.2.0.0.0
8.2.0.0.0 - upgrade to 8.2.1.0.0 (8.2.sp1)
8.2.1.0.0 - upgrade to 8.3.0.0.0
8.3.0.0.0 - upgrade to ***8.4.0.0.0
Now backup and restore to target 8.4.0.0.0.
***NOTE: 8.4 update is too large to upload via browser, so either choose the update source as NFS or Windows share,
or CD-ROM, and can go from 8.3.0.0.0 to 8.4.0.0.0. If you want to use a browser you need 8.3.0.6.0 first, as 8.3 patch 6 has a configuration parameter to allow unlimited browser uploads, so the larger upgrade 8.4.0.0.0 will install.
Alternatively, if you want to keep users and tokens and pins assigned, but don't mind re-configuring LDAP and any agents by hand on 8.4, you can skip all these patches, and just to an 'export users and tokens' from the source version, and import that to 8.4. If users are in LDAP build that connection in 8.4 first. Export/import users and tokens will bring all users and assigned authenticators and pins over, but you'd need to build out the rest of the config on 8.4 from scratch, and build the agents again (also clearing node secrets on the agents if they have them). If you have too many agents or other config, then patching and backup/restore is best.