Upload File

pre-con ed: five easy steps for migrating to ca directory

  • Home
  • Technology
  • Pre-Con Ed: Five Easy Steps for Migrating to CA Directory
29
World ® ’1 6 Five Easy Steps for Migrating to CA Directory Greg Vickery, Principal Services Consultant, CA Technologies SCX12E SECURITY

Upload: ca-technologies

Post on 08-Jan-2017

176 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

World®’16

FiveEasyStepsforMigratingtoCADirectoryGregVickery,PrincipalServicesConsultant,CATechnologies

SCX12E

SECURITY

Page 2: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.

Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.

ForInformationalPurposesOnlyTermsofthisPresentation

Page 3: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Abstract

JoinusforadiscussiononthestepsformigratingyourcurrentUserStoreorPolicyStoretoCADirectory. Wewilldiscussdiscoveryandprojectscoping,alongwithBuildingtheCADirectoryenvironment,Schema(DataType)migration,Dataclean-upandApplicationTeamsign-off.

GregVickery

CATechnologiesPrincipalServicesConsultant

Page 4: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Agenda

WHYMIGRATETOCADIRECTORY

DESIGNTHENEWDIRECTORY

GOLIVE!

LDAPTOCADIRECTORYTASKS

MIGRATINGDATABASETOCADIRECTORYTASKS

APPLICATIONTESTING

1

2

3

4

5

6

Page 5: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

DirectoryReview

§ Applicationcommunicatingwithadatastore– Viaprotocol- LDAP

§ Datastoremaycontain:– policyinformation– AuthenticationInfo– AuthorizationInfo– orAnyotherData

Levelsettheconversation

ApplicationLayer

LDAP

Page 6: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

WhyCADirectory

§ Performance– Replication– allDirectoriesaresynced

(oftenmeasuredinmilliseconds)

§ Smallfootprint– Verylargeenvironmentsw/fewerservers

§ Scalability– 50++millionisOK– OnlyLimitedbyhardware– Canhorizontallyscale(virtuallynolimits)

CAexperiencingalargermigrationtoCADirectory

Page 7: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

WhyCADirectory

§ Monitoringmultipleways– Logfilesforaccuraterecordofactivity– Timelogtovalidateperformance– Real-timemonitoringwithSNMP

§ IncludingSNMPtool

§ OperationalAdvantages(easytomanage)– Dataandindexesneednotuning– Veryfastbackupandrestore– Fewmovingparts

CAexperiencingalargermigrationtoCADirectory

Page 8: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

TypesofMigration

§ ExistingLDAPenvironmenttoCADirectory– MostcommonMigrationforUserStoreenvironments– Mayhaveveryshortprojectlengths(quick)

§ ExistingDatabaseenvironmenttoCADirectory– Generallyrequiresmoretasks– MoreBenefitsarerealized

§ Replicationindirectorymuchfasterthandatabases§ DatacentertoDatacenter(WAN)replicationiseasy

Twomigrationtypesfromthefield

Page 9: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

5StepsofMigration

§ ArchitecttheNewCADirectoryenvironment

§ Schema(DataDefinition)Migration

§ DataMigration

§ ApplicationTesting

§ GoLive!

OverviewofTasks

Page 10: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MigratingExistingLDAPtoCADirectory

Page 11: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ArchitectingtheCADirectorysolution

§ CADirectoryArchitecture– TypicallyrequireslessserversthanLDAPServers– Don’tbeafraidtodesignforthestrengthsoftheCADirectory

§ OnetoOnereplacementcouldbebaddesign§ AND- Departurefromolddesignmyallowustooptimizethedesign

– HardwareRequirements(ServerSpecs)maychange§ CADirectoryisamemoryresidentdirectory§ ChangingO/Smaybeanoption

Viewasachancetooptimize

Page 12: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MigratingtheSchema

§ SchemaMigration– CADirectorytools

§ dxschemaldif - extractsschemafromexistingLDAPservers§ ldif2dxc – formatsLDIFtoCADirectoryconfiguration

– Focusisonyourcustomschema§ Althoughwehavehadtochangestandardschematosupportapps

– MostLDAPServershaverelaxedschema§ MayhavetextOID§ ToolswillsupplyvalidOIDsduringconversion

DefineTasks

Page 13: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MigratingtheData

§ ExportDataFromexistingLDAPServer– InmostcasesuseexistingLDAPServertoolstopullthedata– Someothervendortoolsmaybeabletoexcludeproprietarydata

§ CleanData– Couldbethemosttimeconsumingportionofmigration– Createoradaptexistingdatacleantool– RemoveLDAPServerspecificData(proprietarydata)

§ Import– Mayfindmoredataissueshere– Updatecleantoolandrunagain

Cleaningthedataforimport

Page 14: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MigratingtheData(continued)

§ Alargenumberofhourscouldbeinvolvedwiththisprocess– Ongoingprocess,toolmaybeupdatedseveraltimes.

§ Thedatacleanprocesswillberuninmultipleenvironments– Dev,QA,Staging,etc.beforeProduction(GoLive)– Eachenvironmentmayhaveuniquedataanomalies

§ Opportunitytore-organizeorremoveunwanteddata– Legacy/unusedattributescanberemoved– Oftenfindattributesthataremisused

§ Example:telephoneNumber (attribute)withavalueof‘outofthecountry’

CaseStudy(fieldexperiences)

Page 15: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MigratingtheData(continued)

§ Doyouplantosyncoldandnewenvironments?– “Onefootintheboat,onefootonthedock”– CADirectoryhassomelimitedabilitytosync(DXLink)– Syncmayintroduceannew(3rd)componenttotheenvironment

§ Mayrequireadditionalexpertise§ Willhaveperformanceimplications(slowingthenewenvironment)

– Synctoolmaybeslowerthannewdirectoryserver– Highlylikelytheoldenvironmentmaybeslowerthanthenewenvironment

§ Ifsyncprocessfails– isthiscauseforrollback?– Manualrecovery(rollback)maybefaster

OtherConsiderations

Page 16: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ApplicationVerification

§ IdentifyApplicationsfortestingandverification– Typicallysamplegroupofrepresentativeapplicationswillbeused

§ Developatestplanfortestingapplications

§ IdentifyRequiredResources(personnel)neededforrollout

§ Theprocessshouldberun(andrefined)inmultipleenvironmentsbeforeproduction– Timeallphases,cantheprocessbeexecutedwithinouroutagewindow

TestPlantoverifyapplicationsworkwithnewenvironment

Page 17: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

GoLive

§ Pre-GoLive(sometimebeforeGOLive):– Transformthetestplanintorolloutscriptandchecklist(process)– Theprocessshouldberuninmultipleenvironmentsbeforeproduction– IncludeaRoll-backPlanincaseofissuesorunexpecteddisruptions– Verifythecorrectpersonnelareavailable

§ DirectoryTeam,Operations,Applicationowners,Vendors,etc.

§ Executerolloutscript– Success!- Meetthenextdaywiththeentireteamtoreview

CutovertoProduction

Page 18: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MigratingExistingDatabasetoCADirectory

Page 19: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MigratingDatabasetoCADirectory

§ UserStore– CADirectoryhasfasterreplication(DatacentertoDatacenter)

§ PolicyStore(CASSO)– VeryCosteffective

§ SessionStore(CASSO)– CADirectoryistheonlyDirectory/LDAPserversupportedassessionstore– DatacentertoDatacenterDatabasesynchronizationisexpensive

Advantagestomigratethedifferentenvironments

Page 20: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MigratingDatabasetoCADirectory

§ InvolvesmoretasksthanLDAPUserstoreconversion

§ CreateCADirectorySchema§ NoSchematoexport§ ConvertFieldstoattributes§ ConvertTablestoobjectClasses§ MaybeabletouseCADirectory‘Views’configurationtoreplacestoredprocedures

MigratingUserStoreFromDatabase

Page 21: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MigratingDatabasetoCADirectory

§ CADirectory‘Views’Configuration– ‘Views’configurationmaybeabletoreplacecertainstoredprocedures

§ Viewsarepre-definedsearcheswithmultiple‘phases’

§ Applicationconversion§ ApplicationswillneedtobeLDAPenabled§ DevelopasLDAPRequests(differentthanSQLRequests)§ Testingthefunctionality

– Startatbeginningofproject– Morecompletesetofusecases

MigratingUserStoreFromDatabase(continued)

Page 22: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MigratingDatabasetoCADirectory

§ StepsformigrationofPolicyStoreData– BuildCADirectoryServerenvironment(inCASSOGuide)

§ BuildDIT(Tree)structureforPolicyStoredata§ AddPolicyDataSchemafilestoCADirectory

– ExtractDatafromcurrentPolicyStore§ UsetheavailableCASSOToolstoexportthepolicies§ ThisprocessisthesamewhetherDatabaseorLDAPServer

– ConfigureCASSOPolicyServerfornewPolicyStore– ImportPoliciesintoCADirectory

§ UsingtheCASSOImporttool

CASSO(formerlySiteMinder)PolicyStore

Page 23: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

23 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

MigratingDatabasetoCADirectory

§ StepsformigrationofSessionStoreData– AddSessionDataSchemafilestoCADirectory– Determineperformancerequirements:

§ Calculatenumberofconcurrentsessions§ Factorthesessiontimeout(oraveragesessionlife)

– CADirectoryasasessionstorehasspecializedconfiguration§ Documentationoutlinesthespecificsettings

– Hardwareintensiveforhighdemandenvironments§ ConsultCAforhardwareguidelines

– ConfigureCASSOPolicyServertouseCADirectory

CASSOSessionStore

Page 24: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ReviewofMigrationSteps

§ Architectthenewsolution– Don’tbeafraidtochangefromolddesign

§ SchemaMigration– UtilizeCADirectorytools

§ DataMigration– Maybetimeconsuming

§ TestApplication§ GOLive

QuickRecap

Page 25: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

25 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

RecommendedSessions

SESSION# TITLE DATE/TIME

SCT45T HowFastisyourDirectory? 11/16/2016at4:30pm

SCX20SCARoadmap:AdvancedAuthentication,SingleSign-On,Directory 11/16/2016at1:45pm

SCT44T WAM&Federation(TechTalk) 11/17/2016at4:30pm

Page 26: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

26 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Don’tMissOurINTERACTIVESecurityDemoExperience!

SNEAKPEEK!

26 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Page 27: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.27 @CAWORLD#CAWORLD

Security

FormoreinformationonSecurity,pleasevisit:http://cainc.to/EtfYyw

Page 28: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

28 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Questions?

Page 29: Pre-Con Ed: Five Easy Steps for Migrating to CA Directory

29 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

Thankyou.

Stayconnectedatcommunities.ca.com


Migrating to Windows Server 2003, Active Directory, And Exchange 2003

7 Steps to Migrating to Your Learning Management System (LMS)

A Guide to Preparing for Office 365 Group Migrationshelp.binarytree.com/power365/doc/Power365 Directory Sync...Migration Guide 3 Introduction Migrating Office 365 Groups has never

6 Steps to Migrate from BlackBerry to a Secure, Multi-OS … · 2017-05-15 · 6 Steps to Migrate from BlackBerry to a Secure, Multi-OS Environment To determine whether migrating

Ohio Department of Transportation...XYZ file(s). The output files generated in these steps, and in all subsequent steps, are to be saved in the project directory. The two steps to

Migrating Food

Migrating SOA

Migrating SQL Server 2012 to Azure Using Azure Site ... · PDF fileBefore we can get started with migrating SQL Server 2012 to ... a dependency on Active Directory ... Server 2012

Migrating Gardens

8 Simple Steps for Migrating to Cloud Customer Service Software

Migrating WebSphere Applications to z/OS - IBM Redbooks · Migrating WebSphere applications ... Introscope ... André Watanabe Michael Zelbel. Migrating WebSphere Applications to

2018-2019 - GibYellow Gibraltar Telephone Directory - Community Pages.pdfAt certain times of the year you can be surprised by beautiful, colourful butterflies, some migrating through

That would include Assistance in migrating Novell directory …vcportal.ventura.org/GSA/procurementservices/docs/bids/... · 2013. 6. 20. · That would include Assistance in migrating

Migrating Database Content from SQL Server to SAP HANA · PDF fileMigrating Database Content from SQL Server to SAP ... between four steps while migrating database content from MS

Active Directory Migration Tool Steps Guide

Migrating from NetWare to Active Directory - NDM · Migrating from NetWare to Active Directory A White Paper by Technology Strategy Research, LLC Sponsored by. ... Novell officially

Migrating from 3-DNS to GTM - F5 Networks · 2019. 4. 15. · Migrating from 3-DNS to Global Traffic Manager BIG-IP® Migration Guide 3 Special considerations As you assess the steps

IBM Tivoli Directory Server: IBM Tivoli Directory Server ...publib.boulder.ibm.com/tividd/td/IBMDS/ID7002517S...2.1.4 Migrating from IBM Directory Server 4.1 or ... need to administer

Migrating to Enterprise Extender ?Migrating to Enterprise ... · Migrating to Enterprise Extender ?Migrating to Enterprise Extender ? Here is what you need to know Colin van der Ross

Fixing Issues with Corporate Directory Lookup from the ... · Disable Corporate Directory on a Single IP Phone Complete these steps to disable the Corporate Directory for one or a

Migrating Desktop

White Paper 10 Steps for Migrating Your Curriculum to the ... · White Paper 1 10 Steps for Migrating Your Curriculum to the Common Core Forty-five states, the District of Columbia

10 Steps to Cleaning Up Active Directory User Accounts—and ... · 10 Steps to Cleaning Up Active Directory User Accounts—and Keeping Them That Way Written by Randy Franklin Smith,

MSHPO - Active Directory Migration Guide SB - DONEdownload.microsoft.com/download/f/6/a/f6acc021-a05a-48a1-88e2... · 5.5.2 Migrating from Novell NetWare ... knowledge and skills

Migrating information between records management systems · Migrating information between records management systems ... 4 Managing your migration project ... Migrating information

OrgWikiÒ Active Directory Configuration Guide · The Active Directory integration involves three main steps: 1. Configure the integration between Okta and OrgWiki - This allows Okta

ASA Migrating

Connecting ezeep to your Directory Service via SAML...describes the steps required to connect an ezeep account to a directory service like ADFS, Azure Active Directory, Pint Identiy,

Migrating PowerBuilder Applications · 2020. 5. 20. · 9 Migrating from PowerBuilder 11.5.1 or earlier ... 10.2 JDK 1.6 Support (IM) ... migrating your applications. 3.3 Migrating

Migrating Active Directory Domain Controller From Windows Server 2008 R2 to Windows Server 2012

Seven Steps of Migrating a Program to a 64-bit System

Migrating Web Services

Migrating people

Active Directory Rights Management Services...Luna HSM (Windows Server 2008 R2) This chapter outlines the steps to install and integrate Active Directory Rights Management Services

10 Steps to Cleaning Up Active Directory User Accounts—and