Q&A from 6.x to 7.x upgrade webinar1   Question:    Currently I am in the process to upgrade our current 6.3.1 version to ...
Q&A from 6.x to 7.x upgrade webinar    No local software is installed.    In some cases, for example where regulatory comp...
Q&A from 6.x to 7.x upgrade webinar     The Password Manager replicating data service can be configured to use any of the f...
Q&A from 6.x to 7.x upgrade webinar                 12    Question:                       Please elaborate on the changes ...
Upcoming SlideShare
Loading in …5
×

Upgrading from 6.x to 7.x -- Webinar Q&A

432 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
432
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Upgrading from 6.x to 7.x -- Webinar Q&A

  1. 1. Q&A from 6.x to 7.x upgrade webinar1 Question: Currently I am in the process to upgrade our current 6.3.1 version to 6.4.9 and after it is done, I will upgrade the version 6.4.9 to 7.2 if it is possible, is this the best migration path? Yes. The recommended path is to patch to 6.4.9 (the last 6.x release) and from there move to 7.x.2 Question: I am having some issue to migrate the logos from 6.3.1 to 6.4.9. I received the information about how to modify logos with makeskins tool but I would like to know if is possible to backup my logos on version 6.3.1 and restore them on 6.4.9 A logo is just a graphics file. You can certainly copy it from 6.3.1 to 6.4.9 and from there to 7.x. To get your UI to include a graphics file, you have to specify that file in either the HTML page markup or in the CSS stylesheet. Please call support for instructions on how to do that.3 Question: Does license count still apply to number of users, even under the new multi-master architecture? Yes - the license model depends on the number of human users and nothing else.4 Question: Pop ups in browser, are those only when user accesses the Hitachi ID site? The Hitachi ID Systems corporate web site does not use popups. The Hitachi ID Password Manager web UI also does not use popups. Are you referring to HTML markup in your own Password Manager web portal, which perhaps shows a product logo that - when clicked - opens a web browser to the corporate web site? That is entirely optional and not a part of the current, default UI.5 Question: How is forced enrollment handled, locally, is software installed on the computer? © 2011 Hitachi ID Systems, Inc. All rights reserved. 1
  2. 2. Q&A from 6.x to 7.x upgrade webinar No local software is installed. In some cases, for example where regulatory compliance is involved, it appropriate to make en- rollment mandatory at PC login time. Password Manager supports forced enrollment, for exam- ple by attaching users to a secure kiosk account (SKA) group after repeatedly ignored requests to register and removing users from that group after successful enrollment. When a user’s AD account is placed in this group, at login time a GPO is applied with launches a kiosk-mode web browser to the enrollment URL instead of the Windows shell. In other words, the user can enroll or log off - nothing else. Users are removed from this group automatically once they complete enrollment.6 Question: How about non-PC users, specifically Mac users or non-IE users? The Password Manager web UI uses standards-based HTML, so will work with any browser – including on Macs, phones, tablets, etc. IE integration is specific to the following use cases: 1. Helping a locked out user with a Windows workstation clear his lockout and/or reset a password, from the login prompt. 2. Updating a password cached by Windows after resetting that password on Active Directory. For now, these use cases are Windows-specific. IE is always available on Windows (it cannot really be uninstalled – it’s a part of the OS, despite what Microsoft may tell the US Department of Justice regarding anti-trust).7 Question: Does version 7 use any CodeBase at all? Case in point: where are the configuration settings kept? CodeBase is gone. All configuration is in the database, with the exception of a few text files (script configuration and the like).8 Question: Does the 7.2.1 require SQL or Oracle? If it does, and we go with SQL, will Standard SQL work, or is the Enterprise SQL required? You can use either SQL Server or Oracle. Standard will work. © 2011 Hitachi ID Systems, Inc. All rights reserved. 2
  3. 3. Q&A from 6.x to 7.x upgrade webinar The Password Manager replicating data service can be configured to use any of the following SQL database engines as its physical data store: • Oracle 10g, Enterprise Edition, R2. • Oracle 11gR1, Enterprise Edition, so long as the 10gR2 client is used. • Microsoft SQL Server 2005, Enterprise Edition. • Microsoft SQL Server 2008, Enterprise Edition. • Oracle 10g, Express Edition, R2 (free download from http://oracle.com/). • Microsoft SQL Server 2005, Express Edition, with Advanced Services (free download from http://microsoft.com/). Note that Express databases are suitable for POC, demo environments, etc. but not really for production use.9 Question: There was a lot of scripting done to get Password Manager to work in our environment with the various systems (UNIX, ACF2, TANDEM, etc.) When we upgrade, and scripts need to be changed, will there be charges to our company to have Hitachi help us with those? Or is all that work that is required free? It is likely that some scripts will have to be updated. Please contact support to have a look, or contact Hitachi ID Systems professional services for migration assistance.10 Question: The upgrade path that was mentioned is 6.x to 6.4.9 to 7.2.1. It was also mentioned to have "new" servers in the upgrade. How exactly will the upgrade take place? Do we upgrade our current system to 6.4.9, and the build the new servers with 7.2.1 and then do a copy/migration from 6.4.9 (old servers) to 7.2.1 (new servers)? That’s exactly right.11 Question: What does uninterrupted service mean? When pushpass is “on hold,” then transparent synch events are not queued? There is no need for “on hold” in 7.x. Pushpass was replaced by IDPM and it runs continuously, even through the PSUPDATE process. © 2011 Hitachi ID Systems, Inc. All rights reserved. 3
  4. 4. Q&A from 6.x to 7.x upgrade webinar 12 Question: Please elaborate on the changes to scripted SSH target/agent The scripted SSH agent is largely the same from 6.4.9 to version 1.4 of the connector pack, which is currently shipping. 13 Question: How does code customization affect the standard migration/patch process? You will want to contact Hitachi ID Systems professional services, as they track every customiza- tion provided to every customer. They will help you to work out which of your customizations have been folded into the core product, so are no longer required, and which ones remain uniquely yours, and will have to be applied to the new version or implemented in another (possi- bly better) way. 14 Question: Any changes to configurable password policy that allows closer alignment to Windows AD complexity rules? There is a plug-in provided to directly emulate AD’s built-in password complexity rules (i.e., 3 of the 4 character classes...).500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com File: /pub/wp/marketing/webinars/2011/09-Upgrade_6x-to-7x/qa-1.texwww.Hitachi-ID.com Date: 2011-10-03

×