Upgrade Instructions
SafeNet Authentication
Manager Express
Upgrade Instructions
All versions
www.safenet-inc.com
4690 Millennium Drive, Belcamp, Maryland 21017 USA
Telephone: +1 410 931 7500 or 1 800 533 3958
www.safenet-inc.com
4690 Millennium Drive, Belcamp, Maryland
21017 USA
©2011
SafeNet, Inc. All
Telephone: +1 410 931 7500 or 1 800 533 3958
rights reserved. SafeNet and SafeNet logo are registered trademarks of
SafeNet. All other product names are trademarks of their respective owners.
©2013 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet.
All other product names are trademarks of their respective owners.
Software Version: All Versions
Documentation Version: 20130313
© 2013 SafeNet, Inc. All rights reserved
Preface
All intellectual property is protected by copyright. All trademarks and product names used or referred to are the copyright of their respective owners.
No part of this document may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical,
chemical, photocopy, recording or otherwise without the prior written permission of SafeNet.
SafeNet makes no representations or warranties with respect to the contents of this document and specifically disclaims any implied warranties of
merchantability or fitness for any particular purpose. Furthermore, SafeNet reserves the right to revise this publication and to make changes from
time to time in the content hereof without the obligation upon SafeNet to notify any person of organization of any such revisions or changes.
SafeNet invites constructive comments on the contents of this document. These comments, together with your personal and/or company details,
should be sent to the address below.
4690 Millennium Drive, Belcamp Maryland 21017, USA
Disclaimers
The foregoing integration was performed and tested only with specific versions of equipment and software and only in the configuration indicated. If
your setup matches exactly, you should expect no trouble, and Customer Support can assist with any missteps. If your setup differs, then the
foregoing is merely a template and you will need to adjust the instructions to fit your situation. Customer Support will attempt to assist, but cannot
guarantee success in setups that we have not tested.
This product contains software that is subject to various public licenses. The source code form of such software and all derivative forms thereof can
be copied from the following website: http://c3.safenet-inc.com/
We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover
errors or omissions, or they are brought to our attention, we endeavor to correct them in succeeding releases of the product.
Technical Support
If you encounter a problem while installing, registering or operating this product, please make sure that you have read the documentation. If you
cannot resolve the issue, please contact your supplier or SafeNet support.
SafeNet support operates 24 hours a day, 7 days a week. Your level of access to this service is governed by the support plan arrangements made
between SafeNet and your organization. Please consult this support plan for further information about your entitlements, including the hours when
telephone support is available to you.
Technical Support Contact Information:
Phone: 800-545-6608, 410-931-7520
Email: support@safenet-inc.com
Publishing history
Date
Part number
Software release
April 2008
86-0948192-B
SafeWord 2008 all versions
December 2008
86-0948192-C
SafeWord 2008 all versions
May 2009
76-010080-D
SafeWord 2008 all versions
April 2010
76-010080-E
SafeWord 2008 all versions
February 2013
SAM Express, all versions
i
ii
Welcome!
This document provides information about upgrading your RemoteAccess 2.x system to SAM
Express, or upgrading your previous SafeWord 4.x system to SAM Express. It also provides
instructions on activating your new SAM Express installation.
Throughout this document, Active Directory Users and Computers will be abbreviated as ADUC.
If upgrading a SafeWord for Citrix, SafeWord for Nortel Networks, or SafeWord for Check Point
system, use the “Upgrading your RemoteAccess 2.x system to SAM Express” on page 2.
If upgrading a previous SafeWord 3.x system, use the “Upgrading your SafeWord 4.x ESP
system to SAM Express” on page 5.
Important: If you are upgrading machines in a replication ring, remove the target machine from the
ring and upgrade each machine separately with the procedures in this guide. Upgraded machines
must not be in the same replication ring as non-upgraded machines. After upgrading all machines,
use the replication information found in the SAM Express Administration Guide to add the machines
back into the ring.
The main documentation book set for SAM Express, including the SAM Express Administration
Guide, the Agent Administration Guide, and the Authenticators Administration Guide, can be
found at http://www.safenet-inc.com/support/SAMx-documentation/.
Contents...
Upgrading your RemoteAccess 2.x system to SAM Express ...............................................2
Upgrading your SafeWord 4.x ESP system to SAM Express ...............................................5
Upgrading to SAM Express 1
Upgrading your RemoteAccess 2.x system to SAM Express
Upgrading your
RemoteAccess
2.x system to
SAM Express
Upgrading your RemoteAccess 2.x system to SAM Express is accomplished by backing up and
restoring your system data and configuration files as follows:
Backing up your existing database
1 Back up your current RemoteAccess 2.x database from ADUC by selecting the Import/
Backup/Restore node.
Save this file to a location outside the SafeWord RemoteAccess install directory, with a
meaningful name and .ldif extension. It will be used later to restore your database into the
SAM Express database.
2 Write down the SafeWord RemoteAccess administrator password from your current
installation to use in the new installation.
3 Back up the signers.cfg file (in <Install_Dir>\SERVERS\Shared) to a location outside the
SafeWord RemoteAccess install directory.
It will be used to restore your database into the SAM Express database.
Note: The old database encryption key must remain the same.
4 Back up the sccservers.ini file (found in <Install_Dir>\SERVERS\Shared).
5 Back up the SccAdUserExt.ini file (found in <Windows>\SccAdUserExt directory).
Installing SAM Express
If not installing on the same machine, skip to step 3.
1 Stop all SafeWord services.
2 Uninstall RemoteAccess 2.x from Windows Add/Remove Programs, then reboot the
machine.
3 Install SAM Express. Install the SAM Express Management Console, the Authentication
Server and the Administration Server.
4 When prompted to enter the encryption and signing keys, enter new values.
5 When the installation is complete, open the old signers.cfg file and copy the following lines:
•
•
the first line starting with "dbCipher" for DES
the first line starting with "dbCipher" for 3DES
a Then open the new signers.cfg file (found in <Install_Dir>\SERVERS\Shared) and paste
the previously copied “dbCipher” lines (from the old signers.cfg file) into the end of the
new file, preserving their original order.
Important: Locate and delete the line “dbCipher, 3DES, 1234abcd4321dcba.” from your
signers.cfg file. This line could be listed twice if you copied from the old signers.cfg file.
b Save the file.
6 If you had any custom settings in your sccservers.ini file, they will need to be copied (from
the sccservers.ini file you backed up earlier) into the new sccservers.ini file.
7 Restart the SAM Express Administration Server and Authentication Engine by browsing to
Start > Programs > Administrative Tools > Services, right-click SAM Express
Administration Server and select Restart (repeat for the Authentication Engine).
8 Log on to ADUC by selecting Start > Programs > SafeNet > SAM Express> Active Directory
Users and Computers, and change the administrator password to the password from the
original RemoteAccess 2.x installation.
9 Activate your SAM Express installation (see “Activating SAM Express from ADUC” on page
3).
2
Upgrading to SAM Express
Upgrading your RemoteAccess 2.x system to SAM Express
Activating SAM Express from ADUC
To activate from ADUC (have your activation certificate handy):
1 Right-click on the SAM Express folder (navigation pane, left side), and select Activate
Product.
If prompted for a password, enter your SAM Express administrator password, click OK, then
right-click the SafeWord folder again and select Activate Product.
If you have (or plan to have) multiple management consoles, you must use the same password for all installations.
Important: If you have Token Group IDs that have not yet been activated, you may enter all of them
at this time. All of your upgraded Token records have already been activated.
Note: You may be required to create a login the first time you visit the activation Web site.
2 Complete the activation form, then click Submit.
A file will be downloaded that contains the key to activate your software and your token data
records. You should back up these files in case you need to reactivate the software or reimport token records later.
The SafeWord Administration Server and Authentication Engine services will restart.
3 To verify the activation, browse to <Install_Dir>\SERVERS\AdminServer\activation.
The successfully processed license file is renamed key.activated.html.
4 Restore the database and complete the upgrade (next section).
If you are activating from a remote ADUC, see “Activating SAM Express on a remote ADUC
installation” on page 4.
Restoring the database, and completing the upgrade
Important: Restore the database (from the .ldif file) first before adding or editing entries.
1 To restore the .ldif database (saved earlier), expand the SAM Express folder (navigation
pane, left side) and click the Import/Backup/Restore icon.
2 From the Restore field, browse to the saved .ldif file, and click Restore.
3 Close ADUC.
4 Stop the SAM Express Administration Server and Authentication Engine.
5 Go to the <Install_Dir>\SERVERS\AdminServer\activation directory and rename
key.activated.html to key.html to overwrite your RemoteAccess 2.x license from your backup
.ldif file.
6 Start the SAM Express Administration Server and Authentication Engine.
7 Log on to ADUC with the administrative credentials from your old RemoteAccess 2.x system,
and verify that all “objects” (tokens, token-user associations, etc.) were restored
appropriately.
8 If your SafeWord Agents and ADUC were installed remotely, you should upgrade them at
this time.
9 Verify that users with authenticators can log in successfully with any agent previously used.
Upgrading to SAM Express 3
Upgrading your RemoteAccess 2.x system to SAM Express
Activating SAM Express on a remote ADUC installation
If ADUC is installed on a machine different than the machine on which the SAM Express server
is running, the following additional activation steps are necessary:
Note: If SAM Express is installed on a 64 bit OS, the servers installation directory and the SAM
Express Management Console are found in the C:\Program Files (x86) directory structure.
1 On the system where ADUC is installed, browse to the location where the key.html file is
stored (<Install_Dir>\Import Data).
2 Copy key.html into the following subdirectory on the SAM Express system:
<Install_Dir>\SERVERS\AdminServer\activation.
Important: Ensure the file name is key.html. Using any variation (key.htm or key.html.html, for
instance) will cause the activation to fail.
3 Restart the SAM Express Administration Server and Authentication Engine by browsing to
Start > Programs > Administrative Tools > Services.
4 Right click on SAM Express Administration Server and select Restart (repeat for the
Authentication Engine).
The successfully processed license file will be renamed key.activated.html.
4
Upgrading to SAM Express
Upgrading your SafeWord 4.x ESP system to SAM Express
Upgrading your
SafeWord 4.x
ESP system to
SAM Express
Upgrading your existing SafeWord 4.x system to SAM Express is accomplished by backing up
and restoring your system data and configuration files as follows:
Note: If upgrading a SafeWord 4.x system without ESP, use “Upgrading your RemoteAccess 2.x
system to SAM Express” on page 2.
Backing up your existing database
1 Back up your current SafeWord PremierAccess 4.x database from the Admin Console by
selecting File > Backup Database.
Save this file (to a location outside of the SafeWord install directory) with a meaningful name
and .ldif extension (to later restore your database into the SAM Express database). The
administrative password from your current installation will be used in the new installation.
2 Back up the signers.cfg file (found in <Install_Dir>\SERVERS\Shared), to a location outside
the SAM Express install directory. It will be used to restore your database into the SAM
Express database.
Note: The old database encryption key must remain the same.
3 Back up the sccservers.ini file (found in <Install_Dir>\SERVERS\Shared).
4 If you have RADIUS or RADIUS Accounting installed, back up (to a location outside of the
SafeWord install directory) the clients, users (RADIUS only), and dictionary files (found in
<Install_Dir>\SERVERS\RADIUS\RADIUSServer, and
<Install_Dir>\SERVERS\RADIUS\RADIUSAccountingServer respectively.
Installing SAM Express
If not installing on the same machine, skip to step 3.
1 Stop all SAM Express services.
2 Uninstall SafeWord 4.x from Windows Add/Remove Programs, then reboot the machine.
3 Insert the SAM Express CD and select the Install SAM Express option from the AutoRun
window. Select the SAM Express Management Console, the Authentication Server and the
Administration Server.
4 When prompted to enter the encryption and signing keys, enter new values.
5 When the installation is completed:
a Open the old signers.cfg file and copy all lines starting with “dbCipher.”
b Then open the new signers.cfg file (found in <Install_Dir>\SERVERS\Shared) and paste
the previously copied “dbCipher” lines (from the old signers.cfg file) into the end of the
new file, preserving their original order.
Important: Locate and delete the line “dbCipher, 3DES, 1234abcd4321dcba”.
c Save the file.
6 If you had any custom settings in your sccservers.ini file, they will need to be copied (from
the sccservers.ini file you backed up earlier) into the new sccservers.ini file.
7 Restart the SAM Express Administration Server and Authentication Engine by browsing to
Start > Programs > Administrative Tools > Services, right-click SAM Express
Administration Server and select Restart (repeat for the Authentication Engine).
8 Activate your SAM Express installation (see “Activating SAM Express manually” on page 6).
Upgrading to SAM Express 5
Upgrading your SafeWord 4.x ESP system to SAM Express
Activating SAM Express manually
Note: To activate from ADUC, refer to “Activating SAM Express from ADUC” on page 3.
To manually activate your software, do the following:
1 Create an RCR.txt file manually by doing the following:
a On the SAM Express installation server, select Start > Programs > SafeNet > SAM
Express > SAM Express Management Console.
b Log in to the Administration Server using the default user name Administrator and the
default password Administrator.
c From the Configuration menu, select Support. The Support Information Center page
appears.
d Click the Save button to automatically save the RCR.txt file to a temporary directory.
Or
a On the SAM Express installation server, select Start > Programs > SafeNet > SAM
Express > Active Directory Users and Computers.
b Right-click the SAM Express folder in the left directory tree and select Support.
c Click the Save button to automatically save the RCR.txt file to a temporary directory.
2 Browse to the SafeNet Portal and log in using the username and password that were sent to
you when you registered.
Note: You may be required to create a login at your first visit to the activation site.
3 Enter your SAM Express Software serial number in the appropriate field. (The serial number
format is NSXX-XXXX-XXXX-XXXX.)
4 Click Continue.
The SAM Express Activation page appears.
Important: Token Group IDs that have not been activated may be entered at this time. All upgraded
token records have already been activated.
5 Import the required support data (RCR.txt) by browsing to the RCR.txt file that you saved in
step 1.
6 Complete the activation form, then click Submit.
You can now download the files that contain the key to activate your software and your token
data records. You should back up these files in case you need to reactivate the product or reimport token records later.
7 Copy key.html into the following subdirectory on the SAM Express system:
<Install_Dir>\SERVERS\AdminServer\activation.
Important: Ensure the file name is key.html. Using any variation (key.htm or key.html.html, for
instance) will cause the activation to fail.
8 Restart the SAM Express Administration Server and Authentication Engine by browsing to
Start > Programs > Administrative Tools > Services, right click on SAM Express
Administration Server and select Restart (repeat for the Authentication Engine).
9 To verify the activation, browse to <Install_Dir>\SERVERS\AdminServer\activation. The
successfully processed license file is renamed key.activated.html.
6
Upgrading to SAM Express
Upgrading your SafeWord 4.x ESP system to SAM Express
Restoring the database and completing the upgrade
Important: Restore the database (from the .ldif file) first before adding or editing entries.
1 Restore the .ldif database by selecting File > Restore Database, and the following two options
must be selected:
– Overwrite existing entries.
– Re-sign restored records.
2 After the database has been restored, log out of the SafeWord 2008 Management Console.
3 Stop the Administration Server and Authentication Engine.
4 Go to the <Install_Dir>\SERVERS\AdminServer\activation directory and rename
key.activated.html to key.html.
5 Restart the SafeWord Administration Server and Authentication Engine.
6 Log on to the SafeWord 2008 Management Console with the administrative credentials from
your old SafeWord system, and verify that all “objects” (users, roles, ACLs, etc) were
restored appropriately.
7 Restore any configuration or customized files you may have backed up previously (e.g.
RADIUS files).
8 If your SafeWord Agents and SafeWord 2008 Management Console were installed remotely,
you should upgrade them at this time.
9 Verify that users with fixed passwords and hardware authenticators can log in successfully
and have the appropriate role/ACL restrictions assigned.
Upgrading to SAM Express 7
Upgrading your SafeWord 4.x ESP system to SAM Express
8
Upgrading to SAM Express
SafeWord® 2008
Administration Guide
All versions
www.safenet-inc.com
4690 Millennium Drive, Belcamp, Maryland 21017 USA
Telephone: +1 410 931 7500 or 1 800 533 3958
©2013 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet.
All other product names are trademarks of their respective owners.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising