Cisco Enterprise Policy Manager Installation and Configuration Guide, Release 3.3.2.0
CEPM Migration Info
Download this chapter
CEPM Migration InfoCEPM Migration Info
Download the complete book
CEPM Install and Config Guide V 3.3.2.0GACEPM Install and Config Guide V 3.3.2.0GA (PDF - 1 MB)
 Feedback

Table Of Contents

CEPM Migration Information

Migration From Version 3.2.0.0 or Earlier to Version 3.3.2.0

Migration From Version 3.3.0.0 to Version 3.3.1.0


CEPM Migration Information

This chapter contains migration information for your existing CEPM installation. If you are already using an older version of the CEPM (for example, Securent-V3.2.0.0) and want to upgrade to the CEPM V3.3.2.0, you can do so by migrating the database from your older (existing) version to the latest version. Before upgrading, it is highly suggested to make a full backup of your existing installation directory.

In CEPM, while mrigrating from older version to the current version, only the database values are migrated and not the configuration file parameter values. During the installation process, when the configure.xml is run, the configuratoin files, such as pap_config.xml, pep_config.xml and logging.xml, are initially updated with the database values in equivallent to the configure.properties file. You must map the other parameter values manually to the existing parameters. Step-2 of the migration process discusses about this in detail.

Migration From Version 3.2.0.0 or Earlier to Version 3.3.2.0

This section provides step-by-step instructions on how to migrate your existing version of CEPM to Version 3.3.2.0. The CEPM (formerly Securent) versions which can be migrated to version 3.3.2.0 are Version 3.0.2, Version 3.1 GA, and Version 3.2.0.0.

Note Make sure that the DB replication activities (for both Oracle and MSSQL) are suspended before executing the migration script. If you are using MSSQL, increase the Database Transaction Log size to 1GB while doing the migration.

To upgrade the installation, take the following steps:

Step 1 Complete steps 1 through 17 in Chapter 3 "Common Installation Steps."

Step 2 Manually update the new configuration files such as pap_config.xml, pdp_config.xml, and logging.xml by mapping the existing (say, V3.2.0.0) configuration parameter values to the V3.3.2.0 parameters. This is because a version upgradating cannot migrate these values to the new config files and thus must be updated manually in the following manner:

Update PAP Configuration Tags

The pap_config.xml file is present in /CEPM-V3.3.2.0/config folder. Initially, the PAP config parameters are having default values. While upgrading your CEPM version, you must manually update the following tags which are marked as `user defined' with V3.2.0.0 values. Refer to CEPM PAP Configuration Guide for more details about the following tags.

Following tables shows the list of parameters marked as either system defined or user defined. Only the user defined tags need to be evaluated.

Table 10-1 PAP Configuration Tags

Tag
V3.2.0.0
V3.3.2.0

<db>

System defined

System defined

<jms>

User defined

User defined

<handler>

User defined

User defined

<authentication>

User defined

User defined

<encryption>

User defined

User defined

<callbackhandlers>

Not available in V3.2.0.0

User defined (This is a new tag)

<xacml-log>

User defined

User defined

<admin-logs>

Not available in V3.2.0.0

User defined (This is a new tag)


Update PDP Configuration Tags:

The pdp_config.xml file is present in /CEPM-V3.3.2.0/config/pdp folder. Refer to CEPM PDP Configuration Guide for more details about the following tags

Table 10-2 PDP Configuration Tags

Tag
V3.2.0.0
V3.3.2.0

<db>

System defined

System defined

<jms>

User defined

User defined

<authentication>

User defined

User defined

<encryption>

User defined

User defined

<xacml-parser>

User defined

User defined

<xacml-log>

User defined

User defined

<pdp>

This tag had limited options in V3.2.0.0

Following new elements are added in the current version.

<retry> elelment

<responseType> subelement in <listener> tag.

sorting attribute and pep-config attribute does not exist in <pdp> tag.

<pip>

User defined

User defined

<cache>

This tag had limited options in V3.2.0.0

<cacheInterval> element is removed from <pip> tag.

Add <prefetchForApis> element is newly added to <prefetch> tag.

<callbackhandlers>

Not available in V3.2.0.0

This is a new tag added to this version.


Update logging.xml file tags

The logging.xml file is present in /CEPM-V3.3.2.0/config/logging folder. There is no change to be done in this file while doing the migration. Verify the following new tags that are added in the current version: 

<category name="com.cisco.pdp" >

    <priority value="INFO"/>

    <appender-ref ref="pdp_file_appender"/>

</category>

<category name="com.cisco" >

    <priority value="INFO"/>

    <appender-ref ref="pap_file_appender"/>

</category>

Step 3 Run the appropriate migration script from .../CEPM-V3.3.2.0/migrate folder.

For example, if you are currently using the CEPM V3.2.0.0, instead of running the createtables.bat file, upgrade your CEPM application from version 3.2.0.0 to 3.3.2.0 by running the Migration-v3.2-3.3.sql file in your corresponding database client.

The following migration scripts are available for the CEPM v3.3.2.0:

Table 10-3 Migration Scripts

DB-Type
Migration Type
Migration Scripts
Oracle (9i/10g/11g)

V3.0.2 to V3.3.2.0

Migration-v3.0.2-3.3.SQL

V3.1GA to V3.3.2.0

Migration-v3.1GA-3.3.SQL

V3.2.0.0 to V3.3.2.0

Migration-v3.2-3.3.SQL

MSSQL(2000/2005)

V3.0.2 to V3.3.2.0

Migration-v3.0.2-3.3.SQL

V3.1GA to V3.3.2.0

Migration-v3.1GA-3.3.SQL

V3.2.0.0 to V3.3.2.0

Migration-v3.2-3.3.SQL

V3.2.3.0 to V3.3.2.0

Migration-v3.2.3-3.3.SQL


Step 4 Run templateloader.bat (for Windows) or templateloader.sh (for Linux and Solaris) file from /CEPM-V3.3.2.0/bin folder to load the latest templates into the CEPM database.

Note Do not run the templateloader.bat file when the installation is fresh, because the createtables.bat file is run while installing CEPM for the first time. This file must be run only when migration is required.

Step 5 Run ruleconversionto33.bat (for Windows) or ruleconversionto33.sh (for Linux and Solaris) file from /CEPM-V3.3.2.0/bin folder which updates your existing application with the latest rule creation feature.

Step 6 Execute the database procedures in the following way:

Table 10-4 Executing DB Procedures

DB Type
Action

Oracle9i

To execute the procedure in Oracle 9i, open any Oracle client (such as SQL Plus, Benthic, Putty etc.) and run the pap.sql and pdp.sql files from the /CEPM-V3.3.2.0/db/scripts/oracle folder.

Example: Open SQL Plus and use the following command to invoke pap.sql in the client: 

SQL> @ /CEPM-V3.3.2.0/db/scripts/oracle/pap.sql

Oracle (10g/11g)

Note If you are using Oracle 11g (Version 11.2.0.1 in particular), before executing the DB scripts, add the following parameter in Oracle 11g configuration files, that is, ora.init: deferred_segment_creation=false

To execute the procedure in Oracle 10g or 11g, open the Oracle client (use SQL Plus only) and run the pap_wrapped.sql and pdp_wrapped.sql files from the /CEPM-V3.3.2.0/db/scripts/oracle folder.

If you get any drop-type error while running these wrapped sqls, ignore the error and resume the installation process.

It is highly recommended to run the wrapped sqls at the client end. These sqls are masked code which cannot be read normally and can be understood only by Oracle. If you open any _wrapped sqls, you do not find anything in a readable format. These wrapped sqls are supported from Oracle10g onwards. However, if you use Oracle9i, you can run the regular sqls.

MSSQL (2000/2005)

To execute the procedure in MSSQL Server 2005, open the MS SQL client and run the pap.sql and pdp.sql file from /CEPM-V3.3.2.0/db/scripts/mssql folder. For MSSQL 2000, these scripts are available in /CEPM-V3.3.2.0/db/scripts/mssql/mssql2000 folder.

It is recommended to run these scripts in MSSQL Query Analyzer, because executing these scripts through SQLCMD might not compile all the functions and procedures.


Note If you get any error at this stage, see Chapter 15 "Troubleshooting CEPM Installation."

Migration From Version 3.3.0.0 to Version 3.3.1.0

Note If you are using CEPM 3.2.0.0 or earlier, you cannot migrate your CEPM application directly to Version 3.3.1.0 as there is no directory path defined for this migration. You must upgrade your older version to version 3.3.0.0 and then upgrade it to Version 3.3.1.0.

Please refer to Release Notes for CEPM Version 3.3.1.0 for the Migration information from Version 3.3.0.0 to Version 3.3.1.0.