Migrate configuration from one NAM to another NAM

Hi,

Currently we have NAM 5.0.2 on RHEL 7.9, with all components (Admin, IDP and AG) installed on different servers. We are planning to set up the same NAM environment and need to migrate all configuration, including attribute sets, MFA configuration, risk policies, certificates, SAML SP configuration and OAuth configuration, along with the customized IDP files.

So, can I migrate these configurations using Code Promotion, or does it need to be done manually?

  • 0  

    You can use the Export functionality to Export the configuration and Import it into a new environment, assuming it is the same version (not sure if it works across support packs, e.g. exporting 5.0 SP2 and importing into 5.0 SP4).  

    I've exported an AG appliance configuration before and imported it into an AG service setup, so I know that works (just gotta fix all the IP address assignments afterward).

    Another option would be to add a secondary admin console, destroy the old primary, and promote the secondary to primary. That is a more complex process, but I've done that before too when moving from SuSE to RHEL. Then you can just build new IdPs and AGs and add them to the system and remove the old ones.

    And of course, the manual option is there too.

    So lots of options.

    Matt

  • 0 in reply to   

    Hi Matt,

    Thank you for the response.

    The Export functionality is related to the code promotion feature. Please correct me if I am wrong.

    Also, as per the hardware document, no direct approach is available to upgrade the RHEL OS from 7.9 to RHEL 9.x along with the NAM version from 5.0.2 to 5.1.

    Is it okay to try the export functionality/code promotion between setups on different versions (both the NAM and OS versions are different)? Or is the manual option better for this scenario?

    So what would be the most suitable approach?

  • 0   in reply to 

    Yes, I think you are right, the export functionality I'm thinking of is under code promotion (for some reason I thought it was separate).

    I've had mixed results crossing versions when using the export/import.  I'd probably suggest opening a support case and letting them know the exact source version and destination version.  I'd probably at least get the old site up to 5.0 SP4 before doing it.

    Are you replacing the old environment or trying to duplicate it?  

    If replacing, I would just rebuild each component (basically remove from cluster and rebuild).  Easy for the IdPs, AGs, and secondary admin console.  The tricky one is the primary admin console.  I usually follow a "lost primary" procedure when I do this and I've had very good luck with that approach. But your understanding of the underlying eDirectory and how it functions is critical for making that a success.  You basically build a new secondary admin console and promote it to primary as if you "lost" the original primary.  I've done it many times when moving from one OS to another where you really have no other choice (e.g. moving from SLES to RedHat).  But again, I would only recommend that if you have expertise with eDirectory (or enlist help).

    Of course, you can just take the ambkup and do a complete restore as well.  That is another option, but I have not used that approach personally.

    And as usual, take snapshots of everything (if virtual) prior to doing anything.  I'd even highly recommend taking offline snapshots of your admin consoles so that the eDirectory replicas are in the same state.

    Matt

  • 0 in reply to   

    Thank you for the confirmation.

    "Are you replacing the old environment or trying to duplicate it?"

    Actually, we have NAM (5.0.2) on RHEL OS (7.9), and to upgrade to NAM version 5.0.4, the OS version should be 8.7 or 8.8 (which is not supported for 5.0.2), so the issue is with the OS version.

    Also, I have already raised a ticket, and support also confirmed that there is no suitable approach for just upgrading the existing environment.

    So, I am just trying to set up a new environment with the latest RHEL OS and the latest NAM version, move the configuration from the existing environment to the new environment, then configure the IP with DNS and shut down the existing one.