Environment
NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
NetIQ Access Manager 4.3
Situation
// Existing setup
server 1 - 10.30.46.62 - SLES 11 - primary admin console/idp
server 2 - 10.30.46.61 - SLES 11 - secondary admin console/idp
2 other MAG servers running as appliances
// Want to change to this new config
server 3 - 10.30.46.58 - SLES 12 - primary admin console/idp
server 4 - 10.30.46.57 - SLES 12 - secondary admin console/idp
Resolution
There are multiple ways to upgrade the OS and move to a new machine. Here is one recommended approach that was tested and verified by QA and multiple customers:
1. Take a backup of server 1 (primary admin console) and move the backup to a different location.
2. Bring down server 1. At this point, the entire Access Manager setup should still be working using the secondary admin console and the one IDP running on server 2.
3. Configure server 3 with the same IP address and DNS name as server 1.
4. Install the same version of Access Manager on server 3.
5. Restore the backed-up primary admin console configuration on server 3. Server 3 should now automatically become the primary admin console and communicate with server 2 (secondary admin console).
6. From the admin console, remove the IDP corresponding to the server 1 IP address from the cluster and delete that node.
7. Install the IDP on server 3 and add the node to the cluster. This IDP should now become functional.
8. Remove the IDP corresponding to server 2 from the cluster and then delete the node. At this point, you will have a primary admin console, a secondary admin console and one IDP, all of which are functional.
9. Remove the secondary admin console from the primary admin console.
10. Bring down server 2.
11. Install the same version of Access Manager as secondary admin console on server 2, pointing to the primary admin console.
12. Once the secondary admin console is up, install the IDP on this server as well and add the node to the IDP cluster.