KB 160136: Upgrading to IDENTIKEY Authentication Server onto Windows Server 20161/3/2018 4:52:16 PM
This paper outlines the process for upgrading IDENTIKEY Authentication server to a new Microsoft Windows Server 2016 system.
With any IDENTIKEY upgrade, there are two aspects of the data migration that need to be supported; i.e.:
- Conversion of repository schema to match new release
- Migration of repository data to new server environment
As clients move their IDENTIKEY solutions on a Windows 2016 Server platform, they will be required to run IDENTIKEY 3.14 or greater. Given this scenario, when the current IDENTIKEY solution predates these releases, the upgrade/migration process needs to be customized due to the following factors:
1. The only supported IDENTIKEY product release currently for Windows Server 2016 is 3.14 (or greater).
2. With the IDENTIKEY 3.10 release, the accompanying Data Migration Tool (DMT) functionality changed to no longer support cross server migration between different IDENTIKEY versions1.
3. With Windows Server 2016 upgrades, there is no in-place OS upgrade option and a new host server is required2.
4. Lastly, the built-in ‘task-based’ migration functionality that was added to IDENTIKEY 3.10, generally only supports N-1 migration architecture, i.e. data migration from theprevious IDENTIKEY release version3.
This paper describes the considerations related to the IDENTIKEY upgrade and presents a process that can be used to perform a successful upgrade to IDENTIKEY 3.14 (or greater) on a Windows Server 2016 system. The same process may also be used for non-2016 upgrades where the target system is a new server system.
IDENTIKEY upgrade solution basics
In order to meet all of these factors, the 2016 upgrade process must be performed using a combination of the different available migrations options. Including:
• In-place IDENTIKEY migration (as part of in-place upgrade)
• Cross-server migration
• Repository copy (using non-VASCO utilities and/or repository features) 1 With
Here is the migration diagram (for an in-place upgrade) using a combination of these options:
If the client does not want to perform an in-place upgrade, an intermediate server must be used, this will modify the process by introducing the need for an intermediate host server; i.e.:
Note if the source system (depicted with the yellow square) is a pre-3.10 IDENTIKEY release, the migration to the IDENTIKEY 3.10 installation (on the intermediate server or in-place) may utilize the DMT available with the IDENTIKEY 3.10 release. Use of the DMT in this case may avoid unnecessary intermediate pre-3.10 IDENTIKEY installations and provide a single migration step from the original IDENTIKEY release version to 3.10.4
The DMT use/value can be illustrated in the following process diagram:
1 With most IAS releases, the DMT only supports cross server migration between IAS installations of the same version
2 In a production environment, clients are hesitant to idle or place the production server(s) at risk, so in-place IAS upgrades are generally not performed anyway.
3 Release 3.14 implemented task-based migration support from IAS 3.13 or IAS 3.10 release. Other releases require the separate IAS installations and data migration steps
4 After release 3.10, given the current N-to-N migration support only in the Data Migration Tool, there is no value in using the DMT instead of a database export/import process. The overall performance of a native DB export/import process is multiple times faster than moving data to the same version using DMT (likely related to multiple network DB connections required in the DMT logic).
Applies to: IDENTIKEY Authentication Server
KB 160136– 3/01/2018
© 2018 VASCO Data Security. All rights reserved.