More Related Content Similar to Upgrading from 6.x to 7.x -- Webinar Q&A (20) More from Hitachi ID Systems, Inc. (20) Upgrading from 6.x to 7.x -- Webinar Q&A1. Q&A from 6.x to 7.x upgrade webinar
1 Question:
Currently I am in the process to upgrade our current 6.3.1 version to 6.4.9 and after it is done, I will
upgrade the version 6.4.9 to 7.2 if it is possible, is this the best migration path?
Yes. The recommended path is to patch to 6.4.9 (the last 6.x release) and from there move to
7.x.
2 Question:
I am having some issue to migrate the logos from 6.3.1 to 6.4.9. I received the information about
how to modify logos with makeskins tool but I would like to know if is possible to backup my logos
on version 6.3.1 and restore them on 6.4.9
A logo is just a graphics file. You can certainly copy it from 6.3.1 to 6.4.9 and from there to 7.x.
To get your UI to include a graphics file, you have to specify that file in either the HTML page
markup or in the CSS stylesheet. Please call support for instructions on how to do that.
3 Question:
Does license count still apply to number of users, even under the new multi-master architecture?
Yes - the license model depends on the number of human users and nothing else.
4 Question:
Pop ups in browser, are those only when user accesses the Hitachi ID site?
The Hitachi ID Systems corporate web site does not use popups. The Hitachi ID Password
Manager web UI also does not use popups.
Are you referring to HTML markup in your own Password Manager web portal, which perhaps
shows a product logo that - when clicked - opens a web browser to the corporate web site? That
is entirely optional and not a part of the current, default UI.
5 Question:
How is forced enrollment handled, locally, is software installed on the computer?
© 2011 Hitachi ID Systems, Inc. All rights reserved. 1
2. Q&A from 6.x to 7.x upgrade webinar
No local software is installed.
In some cases, for example where regulatory compliance is involved, it appropriate to make en-
rollment mandatory at PC login time. Password Manager supports forced enrollment, for exam-
ple by attaching users to a secure kiosk account (SKA) group after repeatedly ignored requests
to register and removing users from that group after successful enrollment. When a user’s AD
account is placed in this group, at login time a GPO is applied with launches a kiosk-mode web
browser to the enrollment URL instead of the Windows shell. In other words, the user can enroll
or log off - nothing else. Users are removed from this group automatically once they complete
enrollment.
6 Question:
How about non-PC users, specifically Mac users or non-IE users?
The Password Manager web UI uses standards-based HTML, so will work with any browser –
including on Macs, phones, tablets, etc.
IE integration is specific to the following use cases:
1. Helping a locked out user with a Windows workstation clear his lockout and/or reset a
password, from the login prompt.
2. Updating a password cached by Windows after resetting that password on Active Directory.
For now, these use cases are Windows-specific. IE is always available on Windows (it cannot
really be uninstalled – it’s a part of the OS, despite what Microsoft may tell the US Department
of Justice regarding anti-trust).
7 Question:
Does version 7 use any CodeBase at all? Case in point: where are the configuration settings kept?
CodeBase is gone.
All configuration is in the database, with the exception of a few text files (script configuration and
the like).
8 Question:
Does the 7.2.1 require SQL or Oracle? If it does, and we go with SQL, will Standard SQL work, or is
the Enterprise SQL required?
You can use either SQL Server or Oracle. Standard will work.
© 2011 Hitachi ID Systems, Inc. All rights reserved. 2
3. Q&A from 6.x to 7.x upgrade webinar
The Password Manager replicating data service can be configured to use any of the following
SQL database engines as its physical data store:
• Oracle 10g, Enterprise Edition, R2.
• Oracle 11gR1, Enterprise Edition, so long as the 10gR2 client is used.
• Microsoft SQL Server 2005, Enterprise Edition.
• Microsoft SQL Server 2008, Enterprise Edition.
• Oracle 10g, Express Edition, R2 (free download from http://oracle.com/).
• Microsoft SQL Server 2005, Express Edition, with Advanced Services (free download from
http://microsoft.com/).
Note that Express databases are suitable for POC, demo environments, etc. but not really for
production use.
9 Question:
There was a lot of scripting done to get Password Manager to work in our environment with the
various systems (UNIX, ACF2, TANDEM, etc.) When we upgrade, and scripts need to be changed,
will there be charges to our company to have Hitachi help us with those? Or is all that work that is
required free?
It is likely that some scripts will have to be updated. Please contact support to have a look, or
contact Hitachi ID Systems professional services for migration assistance.
10 Question:
The upgrade path that was mentioned is 6.x to 6.4.9 to 7.2.1. It was also mentioned to have "new"
servers in the upgrade. How exactly will the upgrade take place? Do we upgrade our current
system to 6.4.9, and the build the new servers with 7.2.1 and then do a copy/migration from 6.4.9
(old servers) to 7.2.1 (new servers)?
That’s exactly right.
11 Question:
What does uninterrupted service mean? When pushpass is “on hold,” then transparent synch
events are not queued?
There is no need for “on hold” in 7.x. Pushpass was replaced by IDPM and it runs continuously,
even through the PSUPDATE process.
© 2011 Hitachi ID Systems, Inc. All rights reserved. 3
4. Q&A from 6.x to 7.x upgrade webinar
12 Question:
Please elaborate on the changes to scripted SSH target/agent
The scripted SSH agent is largely the same from 6.4.9 to version 1.4 of the connector pack,
which is currently shipping.
13 Question:
How does code customization affect the standard migration/patch process?
You will want to contact Hitachi ID Systems professional services, as they track every customiza-
tion provided to every customer. They will help you to work out which of your customizations
have been folded into the core product, so are no longer required, and which ones remain
uniquely yours, and will have to be applied to the new version or implemented in another (possi-
bly better) way.
14 Question:
Any changes to configurable password policy that allows closer alignment to Windows AD
complexity rules?
There is a plug-in provided to directly emulate AD’s built-in password complexity rules (i.e., 3 of
the 4 character classes...).
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: /pub/wp/marketing/webinars/2011/09-Upgrade_6x-to-7x/qa-1.tex
www.Hitachi-ID.com Date: 2011-10-03