SafeNet Authentication Service post-upgrade checklist

After SAS is upgraded in both Primary and Secondary data centers, it is recommended to:

• Verify SAS configuration from both Primary and Secondary SAS Consoles (SYSTEM level).

• Perform final round of testing for authentication(s) that SAS is processing.

• Migrate data

If you are using PostgreSQL v9.3 and want to switch to PostgreSQL v9.6, follow the instructions to migrate the existing data.

Migrate Data

From PostgreSQL 9.3 to PostgreSQL 9.6

If not already installed, a user can install PostgreSQL v9.6 (PostgreSQL 9.6.4) during the SAS installation/ upgrade process.

Perform the following steps to migrate the data:

1. Using Services control panel, stop both the PostgreSQL services:

   • postgresql-x64-9.3

   • postgresql-x64-9.6

2. A Windows user named postgres is created as part of the installation process. To make the user, a database user, add it to your PC’s Administrators group.

3. Using Windows Explorer, grant Full Control permission to Windows postgres account on the following path (and all its child paths): C:\Program Files\PostgreSQL\

4. Edit pg_hba.config file (available at, C:\Program Files\PostgreSQL[version]\data) for both database servers. Edit the following lines of code:

   Old Values	New Values
   host all all 127.0.0.1/32 md5 host all all ::1/128 md5	host all all 127.0.0.1/32 trust host all all ::1/128 trust

5. Login as the postgres user and run the following command:
   C:\Program Files\PostgreSQL\9.6\bin>pg_upgrade -d "C:\Program Files\PostgreSQL\9.3\data" -D "C:\Program Files\PostgreSQL\9.6\data" -b "C:\Program Files\PostgreSQL\9.3\bin" -B "C:\Program Files\PostgreSQL\9.6\bin"

6. Login as an administrator. Since the SAS solution communicates with the PostgreSQL database using TCP Port 5432, perform the following steps to change the TCP Port from 5433 to 5432:

7. Ensure that the PostgreSQL v9.3 service is stopped.

8. Edit postgresql.config file for the new PostgreSQL install and change the listening port to 5432 (from 5433).

9. Start the PostgreSQL v9.6 service.

To connect with the PostgreSQL PgAdmin4 tool, complete the following changes:

1. Open PgAdmin4 tool, right-click PostgreSQL v9.6 Server and navigate to Properties > Connection.

2. Change the value of TCP Port to 5432 and save the changes.

3. Restart the PostgreSQL v9.6 service.

Migrating Data through DbMigrator

As your requirements change over time, you may need to migrate data from your current SQL server to another. To perform database migration, SafeNet Authentication Service uses an application called DbMigrator which enables you to move data from your source database to the target SQL server. Refer to the following example to migrate data from one database to another using the DbMigrator utility.

1. Run the DatabaseMigrator.exe, which is located at ..\CRYPTOCard\BlackShield ID\DbMigrator, as an administrator. The BlackShield Database Migration window is displayed.

   

2. Click the Configure button in the Source section to configure the current database, which is PostgreSQL in this case. The Configure Source window is displayed.

   

3. Select PostgreSQL from the drop-down list in the Database Type field.

4. Enter the password configured for the PostgreSQL database in the Password field and click OK.

   The BlackShield Database Migration window displays Status: Full Connection Active in the Source section.

   

5. Click the Configure button in the Destination section to configure the target database, which is MySQL in this case. The Configure Source window is displayed.

6. Select MySQL from the drop-down list in the Database Type field. Configuration settings for the database are displayed.

   To configure and connect to the MySQL database, you must have MySQL.Net Connector 8.0.32 already installed in your machine. If not, you will be prompted to install the same.
   
   Once the installation is complete, you need to close the DbMigrator application and begin the migration process again from step 1.

7. In the Configure Source window, enter the password configured for the MySQL database in the Password field and click OK.

   

   The BlackShield Database Migration window displays Status: Ready to Create in the Destination section.

   

8. Click Copy Data to start the migration process. The Progress window is displayed.

   

9. When the process is complete, the window displays Migration Complete message. Click OK to finish the process.

   

Configuration Verification

1. Connect to both the Primary and Secondary SAS servers hosting the SAS Console.

2. Open a browser and browse to the SAS Console (using an internal IP address; for example, https://localhost/console).

3. Login with local/domain admin credentials to the SYSTEM Level.

4. Click SYSTEM > Setup. Verify that the configuration is unchanged for the following:

   • Permit LDAP

   • FreeRADIUS Synchronization

5. Click SYSTEM > Communications. Verify that the configuration is unchanged for the following:

   • SMS Settings

   • E-mail Settings

   • Operator E-mail Validation URL

Authentication testing

• Console Login – Login to an SAS Virtual Server account and verify that each tab (On-Boarding, Virtual Servers, Snapshot, Reports, etc.) is displaying information properly.

• RADIUS – Verify that RADIUS authentication can be performed against a Virtual Server and that customers are authenticating against both the Primary and Secondary data centers.

• TokenValidator – Verify that Token Validator authentication can be performed against a virtual server, and that customers are authenticating against both the Primary and Secondary data centers.

Windows Registry changes (optional)

If any SAS Windows Registry settings were changed prior to the upgrade, verify that these changes are still in place by going to the following Windows Registry location. This check needs to be performed on each SAS server.

HKEY_LOCAL_MACHINE\SOFTWARE\CRYPTOCard\BlackShield ID