Migration of Identity Manager 3.5.1 from NetWare 6.5 SP7 to OES 2 SP1 Linux


Authors:


K. Surya Satya Narayana

Pashupathinath Cheela



Overview

Introduction

Migration Process

     1. Getting Started

     2. Prerequisites

     3. Backup of eDirectory database and NICI keys on NetWare 6.5 SP7 and
         OES 2 SP1 Linux servers


     4. Authenticate to source and target servers

     5. Select migration type as Transfer ID

     6. Start Migration

     7. Transfer ID started

     8. Reconfiguring IDM on target OES2 SP1 Linux server

Conclusion



Overview:



This AppNote describes how the Identity Manager 3.5.1 driver set and related configuration files on NetWare 6.5 SP7 are migrated to an OES2 SP1 Linux server with the help of the Novell Migration Tool. The Transfer ID scenario of the migration utility migrates NetWare 6.5 SP7 eDirectory, with the Identity Manager 3.5.1 schema and the server identity, to the OES2 SP1 Linux server. The following is migrated to the OES 2 SP1 server:




  • eDirectory objects, including user objects

  • Host Name

  • Host IP

  • Identity Manager driver set, configuration files, passwords and digital certificates etc



This AppNote also explains how the functionality of Identity Manager 3.5.1 is migrated transparently from NetWare to the OES2 SP1 Linux server.




Note: In this AppNote, the NetWare 6.5 SP7 server is referred to as the source server and the OES 2 SP1 Linux server is referred to as the target server.


Introduction:



A brief introduction to the technologies used in this AppNote:



  1. Identity Manager: Identity Manager provides synchronization of data between the Identity Vault and the connected system. The connected system consists of applications, directories, databases or files such as SAP, PeopleSoft, Lotus Notes, Microsoft Active Directory, Novell eDirectory, Linux and LDAP directories.

    Data synchronization provides the foundation for automating business processes. In data synchronization, a single piece of data is kept in sync between two or more devices automatically. As part of its data synchronization capability, Identity Manager also helps you to synchronize sensitive information such as digital certificates and passwords between systems. For example, if a user changes his or her password in Active Directory, Identity Manager can synchronize that password to Lotus Notes and Linux.



  2. Migration: Migration is the process of migrating the services, file system data, and eDirectory information from an existing NetWare server to an OES 2 SP1 Linux server. There are two types of migration: Consolidation and Transfer ID. In Consolidation, data and services are migrated to the target server. In the Transfer ID scenario, the entire server identity is transferred to the target server along with the data and services. IDM is migrated with the Transfer ID scenario.



Migration Process:




  1. Getting Started:

    • IDM 3.5.1 is installed and configured with its drivers on NetWare, for example the eDirectory driver with password synchronization on NetWare 6.5 SP7.

    • The source server (NetWare 6.5 SP7) and the target server (OES2 SP1) are installed in the same context of the eDirectory tree.

    • Select the following patterns from the software selection during installation of the target server:

      • Pre-Migration Server: Selecting this option installs the target server as a non-replica server in the eDirectory tree. This is a mandatory requirement to perform Transfer ID.

      • Novell Storage Services (NSS)

      • Novell iManager

      • C/C++ Compiler and Tools









Fig 1: Package Selection







  2. Prerequisites:

    • Ensure that the source server and target server are running supported versions of NetWare and Linux server software.

    • The user must have sufficient rights to perform the migration.

    • Stop all drivers on the source server.

    • Ensure that all eDirectory operations are complete before performing the Transfer ID migration.

    • Verify the health of the source server eDirectory by loading dsrepair and running the following option: Unattended Full Repair. If any errors are reported, resolve them before attempting the migration.

    • Verify the health of the target server eDirectory by loading ndsrepair and running the following option: Unattended Full Repair. If any errors are reported, resolve them before attempting the migration.

    • It is recommended to take a backup of the eDirectory database and NICI keys on both the source server and the target server.

    • Ensure the host names and IP addresses of the source server and target server are resolved using a DNS server or the /etc/hosts file.

    • Ensure all the eDirectory replicas are up and working in the current partition; otherwise the eDirectory migration cannot be completed successfully.

    • Ensure time is synchronized across all the servers that host the eDirectory replicas in the partition where the source server and the target server reside, and between the source and target servers.

    • Verify time synchronization on the source NetWare server using dsrepair --> Time synchronization. If the source server is not in time sync, restart NTP/Timesync on the NetWare server.

    • Verify time synchronization on the target server using the 'ndsrepair -T' command. If it is not in time sync, run '/etc/init.d/ntp restart' in the terminal to bring this server into time sync.




  3. Backup of eDirectory database and NICI keys on NetWare 6.5 SP7 and OES2 SP1 Linux servers

    If Transfer ID fails at any stage, the eDirectory database and NICI keys can be restored on the NetWare 6.5 SP7 and OES2 SP1 Linux servers with the following procedure.

    Note: A tester's version of a backup and restore method (effectively a workaround) is provided below. More information about Novell eDirectory backup and restore is available in the Novell eDirectory 8.8 Administration Guide.



    1. To back up and restore on a NetWare 6.5 SP7 server

      Backup:

        1. load tbx

        2. unload ds

        3. mkdir sys:\_netware\dib.bak

        4. copy /q sys:\_netware\* sys:\_netware\dib.bak

        5. load ds

        6. mkdir sys:\system\nici.bak

        7. copy /q sys:\system\nici\* sys:\system\nici.bak\


      Restore:

        1. load tbx

        2. unload ds

        3. copy /q sys:\_netware\dib.bak sys:\_netware\

        4. load ds

        5. copy /q sys:\system\nici.bak\* sys:\system\nici\



    2. To back up and restore on an OES 2 SP1 Linux server

      Backup:

        1. /etc/init.d/ndsd stop

        2. mkdir /var/opt/novell/eDirectory/data/dib.bak

        3. cp -rp /var/opt/novell/eDirectory/data/dib/* /var/opt/novell/eDirectory/data/dib.bak/

        4. mkdir /var/opt/novell/nici.bak

        5. cp -rp /var/opt/novell/nici/* /var/opt/novell/nici.bak/

        6. /etc/init.d/ndsd start


      Restore:

        1. /etc/init.d/ndsd stop

        2. cp -rp /var/opt/novell/eDirectory/data/dib.bak/* /var/opt/novell/eDirectory/data/dib/

        3. cp -rp /var/opt/novell/nici.bak/* /var/opt/novell/nici/

        4. /etc/init.d/ndsd start
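
The Linux backup steps above can be wrapped so that the copy is checked before Transfer ID is started. The script below is an added example, not part of the original AppNote: it refuses to overwrite an existing backup, restricts the backup directory to its owner because it holds NICI keys, and records checksums for later verification. The function names, the HASH variable and the .manifest file are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not from the AppNote. Function names are hypothetical;
# the default paths are the ones used in the Backup steps above.
DIB_DIR=/var/opt/novell/eDirectory/data/dib
NICI_DIR=/var/opt/novell/nici
HASH=${HASH:-sha256sum}   # assumption: set HASH=md5sum if sha256sum is absent

# manifest DIR: "checksum  ./relative/path" for every file, sorted by path
manifest() {
    ( cd "$1" && find . -type f -exec "$HASH" {} + | sort -k 2 )
}

# backup_dir SRC DST: copy SRC into a new directory DST and verify the copy.
# Returns 2 if SRC is missing, 3 if DST already exists, 4 on copy/verify failure.
backup_dir() {
    src=$1; dst=$2
    [ -d "$src" ] || { echo "source $src not found" >&2; return 2; }
    [ -e "$dst" ] && { echo "$dst exists, not overwriting" >&2; return 3; }
    mkdir "$dst" || return 4
    cp -rp "$src"/. "$dst"/ || return 4      # "/." also copies dot files
    chmod 700 "$dst" || return 4             # backup holds key material
    [ "$(manifest "$src")" = "$(manifest "$dst")" ] || return 4
    manifest "$dst" > "$dst.manifest"        # kept beside the backup for later checks
}

# verify_backup DST: compare a backup with the manifest written at backup time
verify_backup() {
    [ -f "$1.manifest" ] && [ "$(manifest "$1")" = "$(cat "$1.manifest")" ]
}

# backup_edir: the Backup steps above, with ndsd stopped while files are copied
backup_edir() {
    /etc/init.d/ndsd stop || return 1
    rc=0
    { backup_dir "$DIB_DIR" "$DIB_DIR.bak" &&
      backup_dir "$NICI_DIR" "$NICI_DIR.bak"; } || rc=$?
    /etc/init.d/ndsd start
    return $rc
}
# Run as root on the OES 2 SP1 server:  backup_edir
```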






  4. Authenticate to source and target servers

    1. Launch the migration utility with the command 'miggui' from a Linux terminal on the target server, or click Computer > More Applications > System > Novell Migration Tools.

    2. Authenticate to the source server by clicking the source server, entering the tree admin credentials and clicking OK.







    Fig 4.1: Authenticate to source server NetWare 6.5 SP7





    3. Click the target server, enter the tree admin credentials to authenticate to the target server, and click OK.







    Fig 4.2: Authenticate to target server 32-bit OES2 SP1 Linux









  5. Select migration type as Transfer ID

    The Transfer ID scenario runs a series of tasks for transferring the server identity of the source server to the target server. The identity of the server is made up of its IP address, host name, eDirectory identity, NICI keys, and the user certificates from the source server. On successful completion of the Transfer ID migration, the target server functions with the identity of the source server.









    Fig 5: Selection of Migration Type "Transfer ID"






  6. Start Migration

    1. Click the Start button and click OK when asked to do Transfer ID without migrating any services.






      Fig 6.1: Click Transfer ID





    2. Read the warning messages and click OK.







    Fig 6.2: Click "Yes" to proceed








  7. Transfer ID started

    1. eDirectory Precheck: This step checks time synchronization between the source and target servers.







      Fig 7.1: eDirectory Precheck. Click "Next" to proceed





    2. Preparation: This task unconfigures eDirectory on the target server and removes the Unix workstation object of the target server.







    Fig 7.2: Preparation. Click "Next" to proceed





    3. DIB Copy: Depending on the size of the eDirectory DIB on the source NetWare server, it takes some time to copy the DIB from the source server to the target server.








    Fig 7.3: DIB copy. Click "Next" to proceed (Contd.,)






    4. Click Next. A pop-up message reports that the source server's DIB is backed up at sys:backup.nds. The DIB copy operation automatically locks the eDirectory database on the source server.







    Fig 7.4: DIB copy. Click "OK" to proceed





    5. Shutdown Source: Shut down the source NetWare server manually. Click 'Next'; a warning message asks you to make sure that the source server is switched off. Click OK to continue.







    Fig 7.5: Shutdown source. Click "OK" to proceed





    6. DIB Restore: The source server DIB that was backed up during the DIB Copy step is restored on the target server.







    Fig 7.6: DIB Restore, Click "Next" to proceed





    7. IP Address Change: Click Next to change the IP address of the target server to the source server's IP address. Do not run this operation from a remote SSH session: after this step is executed, the Linux server's IP address is changed.







    Fig 7.7: IP Address Change, Click "Next" to proceed




    NOTE: If you are executing this operation from a remote SSH session, save and close the migration project. Log in to the target server directly and open the previously saved project. After you authenticate to the target server, the Transfer ID screen opens automatically at the point where it was stopped earlier. Click Next to perform the IP address change.








    Fig 7.8: IP Address change warning message. Click "OK" to proceed





    8. Host Name Change: Click Next to change the host name. After this step, the host name of the Linux server is changed to the host name of the source NetWare server.







    Fig 7.9: Host Name Change , Click "Next" to proceed






    9. Reinitialize Server: Click Next to reinitialize the target server.








    Fig 7.10: Reinitialize Server. Click "Next" to proceed





    10. Repair: Click Next to repair eDirectory, services (if configured), LUM and other configuration files.







    Fig 7.11: Server Repair. Click "Next" to proceed





    11. After a successful repair, close the migration project and restart the target server. This completes the Transfer ID process successfully.







    Fig 7.12: Restart Server. Click Close






After the reboot, the target Linux server has the host name and IP address of the source NetWare server. The source NetWare server can now be decommissioned.





  8. Reconfiguring IDM on target OES2 SP1 Linux server

    Executing the above steps migrates IDM 3.5.1 from NetWare 6.5 SP7 to OES2 SP1, together with sensitive data such as passwords and digital certificates, the eDirectory schema, the Identity Manager 3.5.1 driver set configuration files and related data. To get Identity Manager 3.5.1 up and running on 32-bit OES2 SP1, you need to install the IDM 3.5.1 packages on the target machine, i.e. the OES2 SP1 Linux server. Follow these steps to install IDM 3.5.1 on the target machine:

    1. Download IDM 3.5.1 for Linux from the site: http://download.novell.com/index.jsp

    2. Install the IDM 3.5.1 packages on the target server (OES2 SP1) by selecting "Metadirectory Server" and "Novell Identity Manager Web-based Administration Server". Install the IDM 3.5.1 packages only after successful completion of the eDirectory migration. If you install the IDM packages on the target server before the eDirectory migration, the eDirectory migration fails during the repair step of Transfer ID.

    3. All the driver sets configured on NetWare 6.5 SP7 are migrated to the OES2 SP1 Linux server. Start the driver using iManager and use IDM 3.5.1 on OES2 SP1 Linux.







    Fig 8: Start the driver using iManager on OES2 SP1.








Conclusion:



This AppNote helps the customer to migrate the Identity Manager 3.5.1 configuration and related data from NetWare 6.5 SP7 to 32-bit OES 2 SP1 Linux. The migration process also migrates Identity Manager license files from NetWare to the OES2 SP1 Linux server.



Comment List
  • Excellent document! Thanks!
    Please correct under
    "Backup of eDirectory database for NetWare" line 6:
    mkdir sys:\_netware\nici.bak to
    mkdir sys:\system\nici.bak
    otherwise the copy command in line 7 will fail.
    Thanks
  • Thanks for the excellent article. I was able to migrate my 3 servers in little over an hour for each one (this includes the time to install the SLES/OES and IDM software).
  • A typo when using this command can change all files under SYS:_NETWARE to 0 bytes!

    In order for the files to go 0 byte the following two scenarios must occur:

    1. The current directory as seen with pwd command must be SYS:_NETWARE.
    2. An invalid target directory is used

    So if the target directory does not exist it will copy the files to the current working directory. If that is _NETWARE, then all files will go 0 byte. Hence corrupting the database. If the current working directory is not SYS:_NETWARE then the files will be copied there.
    I would suggest not using this utility. If you are going to use it, then do not use the /q switch.

