If you have added any custom attributes to the default Person objects (Person or BBPerson) you will have to add them back to those object classes after the upgrade.
The best practice when customizing Person object classes is to build your own and inherit from the default object classes, but in reality if you are just adding a few of your own custom attributes why would you want to do that. I guess this is the reason why you wouldn't do it! But I probably know many of you who have 4.6 environments might have gone down this road.
So for those of you who have added to the base Person object classes you will have to re-attach your custom attributes to those object classes after the upgrade.
Hope this helps!
Wednesday, October 7, 2009
Script Error After 4.6 to 5.1 Upgrade
All,
One of the first issues I ran into after completing the upgrade steps was some of the workflow would not work. Further investigation indicated the following error occuring in the trace.log file: "EcmaScript Error:".
IBM did put out a technote on this and here is the link:
http://www-01.ibm.com/support/docview.wss?rs=644&context=SSTFWV&q1=IBMJS&uid=swg21304327&loc=en_US&cs=utf-8&lang=en
They give two options there. I took the first one by updating the scriptframework.properties file. Seems to have worked so far.
Hope this helps!
One of the first issues I ran into after completing the upgrade steps was some of the workflow would not work. Further investigation indicated the following error occuring in the trace.log file: "EcmaScript Error:".
IBM did put out a technote on this and here is the link:
http://www-01.ibm.com/support/docview.wss?rs=644&context=SSTFWV&q1=IBMJS&uid=swg21304327&loc=en_US&cs=utf-8&lang=en
They give two options there. I took the first one by updating the scriptframework.properties file. Seems to have worked so far.
Hope this helps!
Monday, October 5, 2009
Tough Loss for the Aggies!
Well all you Aggie fans out there, it was a tough loss on Sat. Don't fret though I like the improvements Coach Sherman is making. We'll be back in contention in the Big 12 soon! Gig'em!
Cowboys Season so Far
Is it me or does this team lack leaders! For all you Cowboy fans out there how did that game make you feel yesterday? (Denver 17 - Cowboys 10)
I can't say I'm surprised because it seems the same thing is happening year after year recently. This playoff drought is a rough one and it doesn't look based on these first 4 games that it will end this year. We'll have to be better than .500 in the tough NFC.
On all of our great teams in the past we had people step up and be leaders. I see this characteristic lacking on this team.
Well at least the new stadium is nice. I'll be posting some pictures of some home games soon! Just the stadium pics though, don't think I can post actual players or game pics!
I can't say I'm surprised because it seems the same thing is happening year after year recently. This playoff drought is a rough one and it doesn't look based on these first 4 games that it will end this year. We'll have to be better than .500 in the tough NFC.
On all of our great teams in the past we had people step up and be leaders. I see this characteristic lacking on this team.
Well at least the new stadium is nice. I'll be posting some pictures of some home games soon! Just the stadium pics though, don't think I can post actual players or game pics!
4.6 Upgrade Options
All,
As you know the IBM recommend upgrade path from 4.6 to 5.0 or 5.1 is to stand up a new ITIM 5.x environment and migrate data. However, in talking with customers some companies do not have the resources to stand up another new environment. So having run into this recently myself, you can do an upgrade in place, but it is a very tedious process.
So my recommendation is to follow the IBM recommend upgrade path if at all possible. They actually have a guide called "Separate System Upgrade and Data Migration Guide" Version 5.x which is really good. The key to this migration is to follow the steps in order! You will have to upgrade the middleware components first prior to even attempting to upgrade the base ITIM application. I took the approach of migrate database, migrate LDAP, install new WAS 6.1 components, and then migrate ITIM. With that in mind you might have to refer to each middleware component's documentation during the upgrade process. However, I was able to successfully upgrade the base application with only a few minor hiccups. I'm still sorting through the migration at the ITIM 5.x level and will post hints / tips / issues as I find them.
One last thing! If you decide to upgrade in place you must account for the additional resource requirements 5.x has over 4.6. Just as a rule of thumb it is at least double. Please refer to the hardware/software prerequisites in the 5.x documentation. You'll also want to follow the same order in the process as with the separate system upgrade. It will make things alot easier.
As you know the IBM recommend upgrade path from 4.6 to 5.0 or 5.1 is to stand up a new ITIM 5.x environment and migrate data. However, in talking with customers some companies do not have the resources to stand up another new environment. So having run into this recently myself, you can do an upgrade in place, but it is a very tedious process.
So my recommendation is to follow the IBM recommend upgrade path if at all possible. They actually have a guide called "Separate System Upgrade and Data Migration Guide" Version 5.x which is really good. The key to this migration is to follow the steps in order! You will have to upgrade the middleware components first prior to even attempting to upgrade the base ITIM application. I took the approach of migrate database, migrate LDAP, install new WAS 6.1 components, and then migrate ITIM. With that in mind you might have to refer to each middleware component's documentation during the upgrade process. However, I was able to successfully upgrade the base application with only a few minor hiccups. I'm still sorting through the migration at the ITIM 5.x level and will post hints / tips / issues as I find them.
One last thing! If you decide to upgrade in place you must account for the additional resource requirements 5.x has over 4.6. Just as a rule of thumb it is at least double. Please refer to the hardware/software prerequisites in the 5.x documentation. You'll also want to follow the same order in the process as with the separate system upgrade. It will make things alot easier.
Thursday, September 24, 2009
Guess I should keep this blog up!
Sorry all! I've been slacking on updating this blog. For all those consultants out there who have been working on security gigs, I don't have to tell you how busy it has become over the last couple of years.
No excuse though. I'll start posting some new information on my experiences in the following areas:
ITIM 4.6 to 5.0 upgrades
ITIM 4.6 to 5.1 upgrades
FAQs and Hints/Tips
Stay Tuned!
No excuse though. I'll start posting some new information on my experiences in the following areas:
ITIM 4.6 to 5.0 upgrades
ITIM 4.6 to 5.1 upgrades
FAQs and Hints/Tips
Stay Tuned!
Thursday, December 6, 2007
Tough Loss for the Mavericks
Hi all,
First posting on a sports topic on my blog. I must confess I'm a big Dallas/Fort Worth Area sports fan, so most of my sports postings will be about those professional teams in that area. Although you may see me blogging about general topics, the fighting Texas A&M Aggies, and the San Antonio Spurs from time to time. I like to follow the Spurs when they don't compete against the Mavs.
Speaking of Mavs and Spurs, tough loss for my team last night. How could we lose to a team that didn't have their superstar playing in the game? I hate division losses like that, it has a way of coming back to hurt later in the season. Hopefully Coach Johnson can get that team back on track.
First posting on a sports topic on my blog. I must confess I'm a big Dallas/Fort Worth Area sports fan, so most of my sports postings will be about those professional teams in that area. Although you may see me blogging about general topics, the fighting Texas A&M Aggies, and the San Antonio Spurs from time to time. I like to follow the Spurs when they don't compete against the Mavs.
Speaking of Mavs and Spurs, tough loss for my team last night. How could we lose to a team that didn't have their superstar playing in the game? I hate division losses like that, it has a way of coming back to hurt later in the season. Hopefully Coach Johnson can get that team back on track.
Wednesday, December 5, 2007
Update Post
Hey all,
My apologies for not posting in awhile. I'm sure as all of you can relate, when your working on projects it becomes really hard to keep up with the extra stuff like blogging.
I've been working on 3 projects here at the end of the year that have kept me busy. The applications I've been working with are the Tivoli Access Manager Enterprise Single Sign-On Desktop Password Reset Adapter (why is this name so long???) and the IBM Tivoli Identity Manager 4.6. Personally I'm waiting for the ITIM 5.0 release so I can get updating my knowledge on the differences between 4.6 and 5.0. For all of you who haven't heard yet, 5.0 will support WebSphere Application Server 6.1 which should make things a little easier (I hope).
Just wanted to provide an update and hopefully I can start posting more technical stuff as my projects start slowing down.
My apologies for not posting in awhile. I'm sure as all of you can relate, when your working on projects it becomes really hard to keep up with the extra stuff like blogging.
I've been working on 3 projects here at the end of the year that have kept me busy. The applications I've been working with are the Tivoli Access Manager Enterprise Single Sign-On Desktop Password Reset Adapter (why is this name so long???) and the IBM Tivoli Identity Manager 4.6. Personally I'm waiting for the ITIM 5.0 release so I can get updating my knowledge on the differences between 4.6 and 5.0. For all of you who haven't heard yet, 5.0 will support WebSphere Application Server 6.1 which should make things a little easier (I hope).
Just wanted to provide an update and hopefully I can start posting more technical stuff as my projects start slowing down.
Thursday, July 19, 2007
New Discussion Forum through Nabble
Hi all,
I ran across this online discussion forum from www.nabble.com and thought I would take a look. I decided to create an IBM Tivoli forum to discuss IBM Tivoli components. I thought this could be another method for those of us working with the IBM Tivoli products to discuss our issues outside of the normal IBM forums (i.e., DeveloperWorks). I'm looking at this as being a compliment to those forums and not a competition.
Check it out and give me your thoughts (good, bad, or otherwise)!
http://www.nabble.com/IBM-Tivoli-f24849.html
Scott
I ran across this online discussion forum from www.nabble.com and thought I would take a look. I decided to create an IBM Tivoli forum to discuss IBM Tivoli components. I thought this could be another method for those of us working with the IBM Tivoli products to discuss our issues outside of the normal IBM forums (i.e., DeveloperWorks). I'm looking at this as being a compliment to those forums and not a competition.
Check it out and give me your thoughts (good, bad, or otherwise)!
http://www.nabble.com/IBM-Tivoli-f24849.html
Scott
Friday, June 29, 2007
What is Tivoli Identity Manager?
Hi all,
After I posted the instructions on How to Change the Default Page in ITIM 4.6 Interface I was thinking about the novices out there that are new to Identity Manager and need some help in understanding the capabilities of the product. So in this post I'll give a brief overview.
Identity Manager provides the capability to manage a company's personnel identities and access to IT resources needed to perform their jobs. This helps not only IT personnel in the management of the many user account requests that they have to process from time to time but also helps upper management in a variety of areas including: auditing and reporting to meet regulatory compliance, workflow functionality to automate the approval process to access requests, and provides a role-based solution to allow personnel access to resources based on their role within the organization. The concept is quite easy to understand:
1. An individual is hired by the company to perform a specific job role.
2. This individual is placed into an HR system.
3. ITIM can read the information from the HR system and create an identity for this person to have access to IT resources.
4. Depending on the role or roles the individual has within the organization they are automatically given or requested access to the resources they need to perform their job.
5. Approval processes can be put in place to get the proper approvals prior to granting access. This may involve supervisor, information security, and/or application owner approvals. This process can be automated to decrease the amount of time needed to gain approvals.
6. If the person is removed from the role or the organization access can be taken away automatically from the resources the person no longer requires access to.
7. Reporting capabilities can provide managers and executives reports on when access is given or removed as well as access granted outside of the defined organizational policies.
The IBM Tivoli Identity Manager application is a powerful tool that can assist IT departments in managing identities of personnel and access to IT resources across their organization. It has additional capabilities such as password policy enforcement, delegation of administration and many others. More detailed information can be found at the following links:
Identity Manager 4.6
http://www-306.ibm.com/software/sysmgmt/products/support/IBMTivoliIdentityManager.html
Identity Manager 4.6 Express--For small to medium businesses
http://www-306.ibm.com/software/sysmgmt/products/support/IBMTivoliIdentityManagerExpress.html
After I posted the instructions on How to Change the Default Page in ITIM 4.6 Interface I was thinking about the novices out there that are new to Identity Manager and need some help in understanding the capabilities of the product. So in this post I'll give a brief overview.
Identity Manager provides the capability to manage a company's personnel identities and access to IT resources needed to perform their jobs. This helps not only IT personnel in the management of the many user account requests that they have to process from time to time but also helps upper management in a variety of areas including: auditing and reporting to meet regulatory compliance, workflow functionality to automate the approval process to access requests, and provides a role-based solution to allow personnel access to resources based on their role within the organization. The concept is quite easy to understand:
1. An individual is hired by the company to perform a specific job role.
2. This individual is placed into an HR system.
3. ITIM can read the information from the HR system and create an identity for this person to have access to IT resources.
4. Depending on the role or roles the individual has within the organization they are automatically given or requested access to the resources they need to perform their job.
5. Approval processes can be put in place to get the proper approvals prior to granting access. This may involve supervisor, information security, and/or application owner approvals. This process can be automated to decrease the amount of time needed to gain approvals.
6. If the person is removed from the role or the organization access can be taken away automatically from the resources the person no longer requires access to.
7. Reporting capabilities can provide managers and executives reports on when access is given or removed as well as access granted outside of the defined organizational policies.
The IBM Tivoli Identity Manager application is a powerful tool that can assist IT departments in managing identities of personnel and access to IT resources across their organization. It has additional capabilities such as password policy enforcement, delegation of administration and many others. More detailed information can be found at the following links:
Identity Manager 4.6
http://www-306.ibm.com/software/sysmgmt/products/support/IBMTivoliIdentityManager.html
Identity Manager 4.6 Express--For small to medium businesses
http://www-306.ibm.com/software/sysmgmt/products/support/IBMTivoliIdentityManagerExpress.html
Thursday, June 28, 2007
How to Change the Default Page in ITIM 4.6 Interface
I had this question posed to me today and thought I would just post the instructions as it is simple process to change the users default page in the ITIM 4.6 interface. Once you make this change the new page you have defined will be the new default page for any new users you add to the system. To change existing users you would have to update their existing account information. You can do this through the UI or if you are LDAP savy find the setting in the ITIM LDAP repository. I DO NOT recommend changing LDAP settings for novice users. Stick with the GUI.
To change the default page for any accounts just update the default ITIM provisioning policy. Login to the ITIM interface, go to the ITIM Provisioning Policy, and select the Entitlements tab.
Click on the ITIM Service Link:
Click on the Advanced Provisioning Parameter List and add the Home Page attribute and then the default Page you would like the end user to have. The default page entry must be one of the entries that you can select from the drop down list when you create a new ITIM account.
After you add the Home Page attribute, remember to go through the normal process of submitting and saving your changes to the provisioning policy. This change will then allow any new users that are provisioned an ITIM account to have that default page you have defined when they login to ITIM.
Friday, June 1, 2007
Update
Hi all,
Been awhile since my last post. I've been busy with a major project, traveling to the Tivoli Technical User Conference, and getting my ITIM 4.6 certification.
Speaking of certifications. Just a tip for anyone reading this. Take the practice exam from IBM for $ 10.00. This will definitely help with your study efforts prior to taking the real exam.
I hope to start posting more valuable content soon (hints/tips).
Been awhile since my last post. I've been busy with a major project, traveling to the Tivoli Technical User Conference, and getting my ITIM 4.6 certification.
Speaking of certifications. Just a tip for anyone reading this. Take the practice exam from IBM for $ 10.00. This will definitely help with your study efforts prior to taking the real exam.
I hope to start posting more valuable content soon (hints/tips).
Friday, April 13, 2007
IBM Security Products
Here is a list of the IBM Security Products I plan on covering with my posts:
IBM Tivoli Identity Manager (ITIM v 4.6 and higher)
IBM Tivoli Access Manager for Enterprise Single Sign-On (ITAM E-SSO v 6.0 and higher)
IBM Tivoli Access Manager for Enterprise Single Sign-On Desktop Password Reset Adapter (ITAM E-SSO DPRA v 6.0 and higher)
IBM Tivoli Identity Manager (ITIM v 4.6 and higher)
IBM Tivoli Access Manager for Enterprise Single Sign-On (ITAM E-SSO v 6.0 and higher)
IBM Tivoli Access Manager for Enterprise Single Sign-On Desktop Password Reset Adapter (ITAM E-SSO DPRA v 6.0 and higher)
Testing Category Posting
I'm going to be posting by different categories within this blog. This is a general category post.
Subscribe to:
Posts (Atom)
