How to move the Novell Identity Manager Meta-directory server to a new server

  • 3002285
  • 24-May-2006
  • 26-Apr-2012

Environment

Novell DirXML Identity Manager 3.0 
Novell DirXML Nsure Identity Manager 2.0

Situation

How to move the Novell Identity Manager Meta-directory / DirXML server to new hardware

Resolution

1) Export the current driver set using iManager or Designer prior to making any changes to the driver.

2) Install the Meta-directory server software onto the new hardware after making sure that the server is in the same tree and holds the same replicas as the current production server being replaced. (Make sure that the patch levels are the same on the servers. Schedule an update of the new server with the latest patches where possible.)

3) Add the server to the driver set by going to the Identity Manager Overview in iManager and adding the server to the "running on servers" section.

4) Do not start the drivers on the new hardware at this point. The drivers will be disabled initially.

6) The driver(s) have server-specific attributes that do not replicate to the other servers in the replica ring, so adding a new server to the driver set will not move all configuration information over to the new server when using DirXML or Identity Manager 2.0. Identity Manager 3 has the option to copy the configuration from one server to the other.

7) Go to the properties of the driver for the new server assigned to the driver set. Add the driver configuration properties to the driver for the new server. (Authentication ID, Authentication context, Remote Loader password, Driver object password, Application password, Driver Parameters, etc.)

8) The above step can be confusing: when you go to the properties of the driver, you can choose which server you want to change the settings for. Double-check that the new server is selected when changing the properties.

9) Disable your new driver under the startup options. Double-check that your settings match the driver for the production server currently running. Once you have confirmed that they are the same, enable the new driver under the startup options. Prior to choosing Apply, make sure to check the box to not auto-synchronize the driver. The check box appears once you set the driver to manual or auto-start.

The above step of enabling the new server and the step below of stopping the driver on the old server should be performed one after the other, allowing little time to pass between them. This helps prevent duplicate events from being processed, because the new server is now logging events, and once the new server starts the driver it will process the events that have been cached to the TAO file.

10) Go to the production driver and stop the driver. All changes will still be written to the TAO file for this server, so if the new server has problems, you can revert to the original server. (Once the new server is up and working, feel free to disable the old server's driver so the TAO file does not grow in size.)

11) Start the driver on the new server, and test the driver thoroughly.

12) If some changes appear not to have come over during the changeover, you can choose to auto-resynchronize the driver. In large environments, you will want to do this during non-business hours or schedule a possible downtime, as a lot of network traffic can take place. The above steps should prevent an auto-resync.

13) The eDirectory driver needs to have certificates created. To do this, re-run the nds2nds certificate wizard. It will re-issue the certificates and auto-configure the drivers with the certificates for the three servers: the two servers in the current tree running the engine and the server in the opposing tree.