SafeNet Authentication Manager Express Upgrade

Upgrade Instructions All versions SafeNet Authentication Manager Express


www.safenet-inc.com
4690 Millennium Drive, Belcamp, Maryland 21017 USA
Telephone: +1 410 931 7500 or 1 800 533 3958

©2013 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners.


©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners.

Software Version: All Versions Documentation Version: 20130313 © 2013 SafeNet, Inc. All rights reserved

Preface

All intellectual property is protected by copyright. All trademarks and product names used or referred to are the copyright of their respective owners. No part of this document may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, chemical, photocopy, recording or otherwise without the prior written permission of SafeNet.

SafeNet makes no representations or warranties with respect to the contents of this document and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, SafeNet reserves the right to revise this publication and to make changes from time to time in the content hereof without the obligation upon SafeNet to notify any person or organization of any such revisions or changes.

SafeNet invites constructive comments on the contents of this document. These comments, together with your personal and/or company details, should be sent to the address below.

4690 Millennium Drive, Belcamp, Maryland 21017, USA

Disclaimers

The foregoing integration was performed and tested only with specific versions of equipment and software and only in the configuration indicated. If your setup matches exactly, you should expect no trouble, and Customer Support can assist with any missteps. If your setup differs, then the foregoing is merely a template and you will need to adjust the instructions to fit your situation. Customer Support will attempt to assist, but cannot guarantee success in setups that we have not tested.

This product contains software that is subject to various public licenses. The source code form of such software and all derivative forms thereof can be copied from the following website: http://c3.safenet-inc.com/

We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover errors or omissions, or they are brought to our attention, we endeavor to correct them in succeeding releases of the product.

Technical Support

If you encounter a problem while installing, registering or operating this product, please make sure that you have read the documentation. If you cannot resolve the issue, please contact your supplier or SafeNet support. SafeNet support operates 24 hours a day, 7 days a week. Your level of access to this service is governed by the support plan arrangements made between SafeNet and your organization. Please consult this support plan for further information about your entitlements, including the hours when telephone support is available to you.

Technical Support Contact Information:
Phone: 800-545-6608, 410-931-7520
Email: [email protected]

Publishing history

Date            Part number     Software release
April 2008      86-0948192-B    SafeWord 2008 all versions
December 2008   86-0948192-C    SafeWord 2008 all versions
May 2009        76-010080-D     SafeWord 2008 all versions
April 2010      76-010080-E     SafeWord 2008 all versions
February 2013                   SAM Express, all versions


Welcome! This document provides information about upgrading your RemoteAccess 2.x system to SAM Express, or upgrading your previous SafeWord 4.x system to SAM Express. It also provides instructions on activating your new SAM Express installation.

Throughout this document, Active Directory Users and Computers will be abbreviated as ADUC.

If upgrading a SafeWord for Citrix, SafeWord for Nortel Networks, or SafeWord for Check Point system, follow “Upgrading your RemoteAccess 2.x system to SAM Express” on page 2.

If upgrading a previous SafeWord 3.x system, follow “Upgrading your SafeWord 4.x ESP system to SAM Express” on page 5.

Important: If you are upgrading machines in a replication ring, remove the target machine from the ring and upgrade each machine separately with the procedures in this guide. Upgraded machines must not be in the same replication ring as non-upgraded machines. After upgrading all machines, use the replication information found in the SAM Express Administration Guide to add the machines back into the ring.

The main documentation book set for SAM Express, including the SAM Express Administration Guide, the Agent Administration Guide, and the Authenticators Administration Guide, can be found at http://www.safenet-inc.com/support/SAMx-documentation/.

Contents

Upgrading your RemoteAccess 2.x system to SAM Express

Upgrading your SafeWord 4.x ESP system to SAM Express


Upgrading your RemoteAccess 2.x system to SAM Express

Upgrading your RemoteAccess 2.x system to SAM Express is accomplished by backing up and restoring your system data and configuration files as follows:

Backing up your existing database

1 Back up your current RemoteAccess 2.x database from ADUC by selecting the Import/Backup/Restore node. Save this file to a location outside the SafeWord RemoteAccess install directory, with a meaningful name and .ldif extension. It will be used later to restore your database into the SAM Express database.

2 Write down the SafeWord RemoteAccess administrator password from your current installation to use in the new installation.

3 Back up the signers.cfg file (in <Install_Dir>\SERVERS\Shared) to a location outside the SafeWord RemoteAccess install directory. It will be used to restore your database into the SAM Express database.

Note: The old database encryption key must remain the same.

4 Back up the sccservers.ini file (found in <Install_Dir>\SERVERS\Shared).

5 Back up the SccAdUserExt.ini file (found in <Windows>\SccAdUserExt directory).

Installing SAM Express

If not installing on the same machine, skip to step 3.

1 Stop all SafeWord services.

2 Uninstall RemoteAccess 2.x from Windows Add/Remove Programs, then reboot the machine.

3 Install SAM Express. Install the SAM Express Management Console, the Authentication Server and the Administration Server.

4 When prompted to enter the encryption and signing keys, enter new values.

5 When the installation is complete, open the old signers.cfg file and copy the following lines:

• the first line starting with "dbCipher" for DES

• the first line starting with "dbCipher" for 3DES

a Then open the new signers.cfg file (found in <Install_Dir>\SERVERS\Shared) and paste the previously copied “dbCipher” lines (from the old signers.cfg file) into the end of the new file, preserving their original order.

Important: Locate and delete the line “dbCipher, 3DES, 1234abcd4321dcba.” from your signers.cfg file. This line could be listed twice if you copied from the old signers.cfg file.

b Save the file.

6 If you had any custom settings in your sccservers.ini file, they will need to be copied (from the sccservers.ini file you backed up earlier) into the new sccservers.ini file.

7 Restart the SAM Express Administration Server and Authentication Engine: browse to Start > Programs > Administrative Tools > Services, right-click SAM Express Administration Server, and select Restart (repeat for the Authentication Engine).

8 Log on to ADUC by selecting Start > Programs > SafeNet > SAM Express > Active Directory Users and Computers, and change the administrator password to the password from the original RemoteAccess 2.x installation.

9 Activate your SAM Express installation (see “Activating SAM Express from ADUC” on page 3).


Activating SAM Express from ADUC

To activate from ADUC (have your activation certificate handy):

1 Right-click on the SAM Express folder (navigation pane, left side), and select Activate Product. If prompted for a password, enter your SAM Express administrator password, click OK, then right-click the SafeWord folder again and select Activate Product. If you have (or plan to have) multiple management consoles, you must use the same password for all installations.

Important: If you have Token Group IDs that have not yet been activated, you may enter all of them at this time. All of your upgraded Token records have already been activated.

Note: You may be required to create a login the first time you visit the activation Web site.

2 Complete the activation form, then click Submit. A file will be downloaded that contains the key to activate your software and your token data records. You should back up these files in case you need to reactivate the software or re-import token records later. The SafeWord Administration Server and Authentication Engine services will restart.

3 To verify the activation, browse to <Install_Dir>\SERVERS\AdminServer\activation. The successfully processed license file is renamed key.activated.html.

4 Restore the database and complete the upgrade (next section).

If you are activating from a remote ADUC, see “Activating SAM Express on a remote ADUC installation” on page 4.

Restoring the database, and completing the upgrade

Important: Restore the database (from the .ldif file) first before adding or editing entries.

1 To restore the .ldif database (saved earlier), expand the SAM Express folder (navigation pane, left side) and click the Import/Backup/Restore icon.

2 From the Restore field, browse to the saved .ldif file, and click Restore.

3 Close ADUC.

4 Stop the SAM Express Administration Server and Authentication Engine.

5 Go to the <Install_Dir>\SERVERS\AdminServer\activation directory and rename key.activated.html to key.html to overwrite your RemoteAccess 2.x license from your backup .ldif file.

6 Start the SAM Express Administration Server and Authentication Engine.

7 Log on to ADUC with the administrative credentials from your old RemoteAccess 2.x system, and verify that all “objects” (tokens, token-user associations, etc.) were restored appropriately.

8 If your SafeWord Agents and ADUC were installed remotely, you should upgrade them at this time.

9 Verify that users with authenticators can log in successfully with any agent previously used.


Activating SAM Express on a remote ADUC installation

If ADUC is installed on a machine different than the machine on which the SAM Express server is running, the following additional activation steps are necessary:

Note: If SAM Express is installed on a 64 bit OS, the servers installation directory and the SAM Express Management Console are found in the C:\Program Files (x86) directory structure.

1 On the system where ADUC is installed, browse to the location where the key.html file is stored (<Install_Dir>\Import Data).

2 Copy key.html into the following subdirectory on the SAM Express system: <Install_Dir>\SERVERS\AdminServer\activation.

Important: Ensure the file name is key.html. Using any variation (key.htm or key.html.html, for instance) will cause the activation to fail.

3 Restart the SAM Express Administration Server and Authentication Engine by browsing to Start > Programs > Administrative Tools > Services.

4 Right click on SAM Express Administration Server and select Restart (repeat for the Authentication Engine).

The successfully processed license file will be renamed key.activated.html.


Upgrading your SafeWord 4.x ESP system to SAM Express

Upgrading your existing SafeWord 4.x system to SAM Express is accomplished by backing up and restoring your system data and configuration files as follows:

Note: If upgrading a SafeWord 4.x system without ESP, use “Upgrading your RemoteAccess 2.x system to SAM Express” on page 2.

Backing up your existing database

1 Back up your current SafeWord PremierAccess 4.x database from the Admin Console by selecting File > Backup Database. Save this file (to a location outside of the SafeWord install directory) with a meaningful name and .ldif extension (to later restore your database into the SAM Express database). The administrative password from your current installation will be used in the new installation.

2 Back up the signers.cfg file (found in <Install_Dir>\SERVERS\Shared), to a location outside the SAM Express install directory. It will be used to restore your database into the SAM Express database.

Note: The old database encryption key must remain the same.

3 Back up the sccservers.ini file (found in <Install_Dir>\SERVERS\Shared).

4 If you have RADIUS or RADIUS Accounting installed, back up (to a location outside of the SafeWord install directory) the clients, users (RADIUS only), and dictionary files (found in <Install_Dir>\SERVERS\RADIUS\RADIUSServer and <Install_Dir>\SERVERS\RADIUS\RADIUSAccountingServer, respectively).

Installing SAM Express

If not installing on the same machine, skip to step 3.

1 Stop all SAM Express services.

2 Uninstall SafeWord 4.x from Windows Add/Remove Programs, then reboot the machine.

3 Insert the SAM Express CD and select the Install SAM Express option from the AutoRun window. Select the SAM Express Management Console, the Authentication Server and the Administration Server.

4 When prompted to enter the encryption and signing keys, enter new values.

5 When the installation is completed:

a Open the old signers.cfg file and copy all lines starting with “dbCipher.”

b Then open the new signers.cfg file (found in <Install_Dir>\SERVERS\Shared) and paste the previously copied “dbCipher” lines (from the old signers.cfg file) into the end of the new file, preserving their original order.

Important: Locate and delete the line “dbCipher, 3DES, 1234abcd4321dcba”.

c Save the file.

6 If you had any custom settings in your sccservers.ini file, they will need to be copied (from the sccservers.ini file you backed up earlier) into the new sccservers.ini file.

7 Restart the SAM Express Administration Server and Authentication Engine: browse to Start > Programs > Administrative Tools > Services, right-click SAM Express Administration Server, and select Restart (repeat for the Authentication Engine).

8 Activate your SAM Express installation (see “Activating SAM Express manually” on page 6).
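The signers.cfg merge in step 5 above, and the equivalent step in the RemoteAccess 2.x procedure earlier in this guide, can be scripted. The following Python code is an added example, not SafeNet code: it assumes signers.cfg is plain text with comma-separated lines shaped like the one sample line the guide prints, and the sample file contents and function names are constructed for illustration.

```python
"""Merge old dbCipher key lines into a new signers.cfg (added example)."""

# Default key line the guide says to delete, exactly as printed on the page.
DEFAULT_LINE = ("dbCipher", "3DES", "1234abcd4321dcba")

# Constructed sample contents; "exampleEntry" stands in for unrelated lines.
OLD_SAMPLE = (
    "exampleEntry, OLD, 0000\n"
    "dbCipher, DES, 0a0a0a0a0a0a0a0a\n"
    "dbCipher, 3DES, 1111222233334444\n"
    "dbCipher, 3DES, 1234abcd4321dcba\n"
    "dbCipher, DES, 0b0b0b0b0b0b0b0b\n"
)
NEW_SAMPLE = (
    "exampleEntry, NEW, 9999\n"
    "dbCipher, 3DES, 1234abcd4321dcba\n"
    "dbCipher, 3DES, feedfacefeedface\n"
)


def fields(line):
    """Split an assumed 'name, cipher, key' line into stripped fields."""
    return tuple(part.strip() for part in line.split(","))


def is_default(line):
    """True for the default key line, ignoring spacing and letter case."""
    p = fields(line)
    return len(p) == 3 and (p[0], p[1].upper(), p[2].lower()) == DEFAULT_LINE


def pick_old_lines(old_text, first_per_cipher=False):
    """Return the old dbCipher lines to carry over, in original order.

    first_per_cipher=True follows the RemoteAccess 2.x steps (first DES line
    and first 3DES line); False follows the SafeWord 4.x steps (all lines).
    """
    picked, seen = [], set()
    for line in old_text.splitlines():
        if not line.lstrip().startswith("dbCipher"):
            continue
        parts = fields(line)
        cipher = parts[1].upper() if len(parts) > 1 else ""
        if first_per_cipher:
            if cipher not in ("DES", "3DES") or cipher in seen:
                continue
            seen.add(cipher)
        picked.append(line.strip())
    return picked


def merge_signers(new_text, old_text, first_per_cipher=False):
    """Append the old key lines to the new file, then drop every default line."""
    merged = new_text.splitlines() + pick_old_lines(old_text, first_per_cipher)
    return "\n".join(l for l in merged if not is_default(l)) + "\n"


if __name__ == "__main__":
    # Report counts only; key material is never printed.
    result = merge_signers(NEW_SAMPLE, OLD_SAMPLE)
    print(len(result.splitlines()), "lines in merged signers.cfg")
```

Write the merged text to a copy and compare it with the installed file before replacing it, and keep every copy of signers.cfg access-restricted, since the file carries the database encryption keys.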


Activating SAM Express manually

Note: To activate from ADUC, refer to “Activating SAM Express from ADUC” on page 3.

To manually activate your software, do the following:

1 Create an RCR.txt file manually by doing the following:

a On the SAM Express installation server, select Start > Programs > SafeNet > SAM Express > SAM Express Management Console.

b Log in to the Administration Server using the default user name Administrator and the default password Administrator.

c From the Configuration menu, select Support. The Support Information Center page appears.

d Click the Save button to automatically save the RCR.txt file to a temporary directory.

Or

a On the SAM Express installation server, select Start > Programs > SafeNet > SAM Express > Active Directory Users and Computers.

b Right-click the SAM Express folder in the left directory tree and select Support.

c Click the Save button to automatically save the RCR.txt file to a temporary directory.

2 Browse to the SafeNet Portal and log in using the username and password that were sent to you when you registered.

Note: You may be required to create a login at your first visit to the activation site.

3 Enter your SAM Express Software serial number in the appropriate field. (The serial number format is NSXX-XXXX-XXXX-XXXX.)

4 Click Continue. The SAM Express Activation page appears.

Important: Token Group IDs that have not been activated may be entered at this time. All upgraded token records have already been activated.

5 Import the required support data (RCR.txt) by browsing to the RCR.txt file that you saved in step 1.

6 Complete the activation form, then click Submit. You can now download the files that contain the key to activate your software and your token data records. You should back up these files in case you need to reactivate the product or re-import token records later.

7 Copy key.html into the following subdirectory on the SAM Express system: <Install_Dir>\SERVERS\AdminServer\activation.

Important: Ensure the file name is key.html. Using any variation (key.htm or key.html.html, for instance) will cause the activation to fail.

8 Restart the SAM Express Administration Server and Authentication Engine: browse to Start > Programs > Administrative Tools > Services, right-click SAM Express Administration Server, and select Restart (repeat for the Authentication Engine).

9 To verify the activation, browse to <Install_Dir>\SERVERS\AdminServer\activation. The successfully processed license file is renamed key.activated.html.


Restoring the database and completing the upgrade

Important: Restore the database (from the .ldif file) first before adding or editing entries.

1 Restore the .ldif database by selecting File > Restore Database, and the following two options must be selected:

– Overwrite existing entries.

– Re-sign restored records.

2 After the database has been restored, log out of the SafeWord 2008 Management Console.

3 Stop the Administration Server and Authentication Engine.

4 Go to the <Install_Dir>\SERVERS\AdminServer\activation directory and rename key.activated.html to key.html.

5 Restart the SafeWord Administration Server and Authentication Engine.

6 Log on to the SafeWord 2008 Management Console with the administrative credentials from your old SafeWord system, and verify that all “objects” (users, roles, ACLs, etc) were restored appropriately.

7 Restore any configuration or customized files you may have backed up previously (e.g. RADIUS files).

8 If your SafeWord Agents and SafeWord 2008 Management Console were installed remotely, you should upgrade them at this time.

9 Verify that users with fixed passwords and hardware authenticators can log in successfully and have the appropriate role/ACL restrictions assigned.
