Migrating internal user data from Atrium Single Sign-On to Remedy Single Sign-On

Migrating user data is applicable only if you are upgrading the TrueSight Presentation Server from a version earlier than 11.0.00.

After installing Remedy SSO, you must populate the new Remedy SSO system with your internal user groups and internal users existing in Atrium SSO.

For the existing features and functionalities associated with the user roles to work smoothly after upgrading the TrueSight Presentation Server, you must migrate the internal user groups and internal users from Atrium SSO to Remedy SSO. Use the following information to make your decision:

TrueSight Presentation Server upgrade	Single Sign-On (Configured with the Presentation Server)	Migrate user data	Do not migrate user data
From 10.7 or earlier to 11.x	From Atrium SSO to Remedy SSO
From 10.7 to 11.3.01	From Atrium SSO to Remedy SSO
From 11.0 or later to 11.3.01	From Remedy SSO to Remedy SSO

The UserDataMigration-Utility.zip file (migration utility) consists of a set of scripts: the exportUserDataFromASSO script that exports the internal user groups and users from Atrium SSO to CSV files, and the importUserDataIntoRSSO script that imports the CSV file data into Remedy SSO. If necessary, you can edit the CSV file before importing it into the Remedy SSO server.

You can only migrate the internal user groups and internal users from Atrium SSO to Remedy SSO and no other configurations. BMC recommends that you run this utility before upgrading the TrueSight Presentation Server. However, you can choose to migrate the user groups and users after upgrading the TrueSight Presentation Server.

Before you begin

You must have installed the Remedy SSO server.
The Remedy SSO server must be accessible from the host where you want to run the migration utility.
The Atrium SSO server must be accessible from the host where you are running the migration utility.

Related topic

Installing Remedy SSO

Migrating the data format before upgrading the Presentation Server

Internal users and Local users

Local groups (roles) and Local users in Remedy SSO are equivalent to Internal user groups and internal users in Atrium SSO.

Atrium SSO internal user data migration

The following diagram illustrates two internal user data migration sequence. Follow the scenario that best reflects your existing Atrium SSO configuration.

Scenario#1: Your Atrium SSO is configured with an external LDAP/AD user store and also contains internal user groups and internal users.

Scenario#2: Your Atrium SSO is configured with internal user groups and internal users only. This means, either no external LDAP/AD user store was configured or the external LDAP/AD user store was removed before running the migration scripts.

Preparing to migrate the internal user data from Atrium SSO to Remedy SSO

Copy and extract the UserDataMigration-Utility.zip file located in the Disk1\utility folder of the TrueSight Presentation Server installer to the host server from where you want to run the export and import commands.
Verify whether the host on which you run the utility has JRE 8 installed on it.
Set the JAVA_HOME environment variable pointing to a JRE 8 installation.
- If you plan to run this utility on a non-TrueSight Presentation Server host where the JAVA_HOME path was not set earlier,
  For example, (Windows) set JAVA_HOME=C:\Program Files\java\jre (Linux) export JAVA_HOME=/opt/java/jre.
- If you plan to run this utility on an existing TrueSight Presentation Server host server, setting JAVA_HOME is not required.
Log in to the Atrium SSO console and note the external LDAP/AD user store configuration details in Atrium SSO for each tenant whose internal usergroups and internal users are to be migrated. These details are useful if you need to restore the same configuration at a later time.
(Optional) Remove the external LDAP/AD user store configuration in Atrium SSO before executing the migration utility.

To migrate internal usergroups and internal users from Atrium SSO to Remedy SSO

Log in to the host server from where you want to run the migration utility.
Export the user data from Atrium SSO to a CSV file by running the following export script:
exportUserDataFromASSO -file <file_path\csv_file.csv> -assoHostName <FQDN_ASSO_HOST_NAME> -assoPort <ASSO_PORT> [-tenants <realm1,realm2,...>]
Notes
- The value for the -assoHostName argument must be a fully qualified domain name (FQDN) of the Atrium SSO server. If you do not provide an FQDN, the command succeeds, but with a warning message.
- The -tenants argument is optional. If you omit the argument or its value, only the default BmcRealm user data information is exported. It can also have a single or multiple tenant names as values, and each separated by a comma.
- The user data is exported into the CSV file. The CSV file contains one row for every user group in a tenant.
- If no path is specified, the CSV file is created in the script's home directory.
- The data is written to the CSV file in the following format:
  <Realm_ID1>, <Usergroup1>, <User_Name1>, <User_Name11>, <User_Name111>...
  <Realm_ID1>, <Usergroup2>, <User_Name2>, <User_Name21>, <User_Name211>...
  <Realm_ID2>, <Usergroup3>, <User_Name3>, <User_Name13>, <User_Name131>...
Example for exporting local users and local user groups from the tenant, mytenant:
exportUserDataFromASSO -file C:\asso_exported_local_users.csv -assoHostName asso.bmc.com -assoPort 443 -tenants mytenant
Example for exporting local users and local user groups from the default tenant, BmcRealm:
exportUserDataFromASSO -file C:\asso_exported_local_users.csv -assoHostName asso.bmc.com -assoPort 443
When prompted, enter the password for the Atrium SSO amadmin user.
Wait for the export to be completed.
(Optional) Edit the CSV file and manually delete all external LDAP/AD user groups. This step is required if the external LDAP/AD user store was not deleted from Atrium SSO before running the export script.
Note

Additionally, you can also add more users to the CSV file manually before you start importing.
Warning

Do not edit the tenant names in the CSV file manually before importing it. Editing the tenant names results in data loss or components disconnected from the TrueSight Presentation Server.
Import the user data from the CSV file into Remedy SSO by running the following import script:
importUserDataIntoRSSO -file <file_path\csv_file.csv> -rssoHostName <RSSO_HOST_NAME> -rssoPort <RSSO_PORT> [-rssoProtocol <RSSO_PROTOCOL>]
Notes

- If no file path is indicated, the script searches for the CSV file in its home directory.
- The rssoProtocol argument is optional. If you omit the argument or its value, the protocol is set to HTTPS.
- All internal user groups and internal users belonging to the BmcRealm tenant in the Atrium SSO are imported as the Local user groups and Local users under the *(asterisk) tenant (realm) in Remedy SSO. For all other tenants in the Atrium SSO, the user groups and users are imported under the respective tenants (realms) in Remedy SSO.
When prompted, enter the Remedy SSO Admin user password.
When prompted, type y or n for the message Do you want to set a common password for all local users imported into Remedy SSO server (y/n)?
Note

Atrium SSO user passwords cannot be exported for security reasons. While importing these users into Remedy SSO, you must set a password for each user. You can do that by either setting a common password for all the users explicitly or letting the system set a unique random password for each user.
- If you typed y, provide a common temporary password (minimum eight characters required) to be used for all users and proceed to step 9. Do this only if you want to set a common password for all the users explicitly. Setting a common password is convenient and easy to communicate to the users. However, for security reasons, the administrator must ask the users to change this password immediately.
  Warning
  
  If the temporary password is less than eight characters in length, users are not imported into Remedy SSO.
- If you typed n, proceed to step 8. Do this if you want the system to generate a unique random password for each user. The administrator must change the password for each user manually in the Remedy SSO console and communicate the reset passwords to the respective users. User will not be able to log into the console unless the administrator communicates the password. Setting a password for each user is more secure compared to setting a common password option.
Wait for the import to complete.
(Optional) If you typed n in step 8, log into the Remedy SSO console as the Admin user and set a temporary password for each imported user.
(Optional) Repeat steps 1 to 9 if you want to import user data for additional tenants.

Post-migration tasks

Update the passwords for the bppmws_internal and csm_user internal user accounts. These user accounts are out-of-the-box TrueSight Presentation Server internal users. You must update the passwords for these two internal users to re-establish the internal communication between the TrueSight Presentation Server and TrueSight Infrastructure Management Server and the TrueSight Infrastructure Management Server and BMC Service Resolution respectively.
To update the password for the bppmws_internal user account
1. Log into Remedy SSO as an Admin user.
  Note
  If you do not know the location of your Remedy SSO server, you can also log into the TrueSight console to launch the Remedy SSO console.
  1. In the TrueSight console, go to Administration > User Accounts.
  2. Select Manage via Remedy SSO.
  3. Log into the Remedy SSO console as an Admin user.
2. Change the password of the bppmws_internal user account.
3. Open a command prompt on the Infrastructure Management server and run the following command:
  pw internaluser change_passwd
4. Enter the new password.
  The new password is validated with Remedy SSO and then updated.
5. Restart the Infrastructure Management server.
To change the password for csm_user user account
1. Log into the Remedy SSO console as an Admin user.
  Note
  If you do not know the location of your Remedy SSO server, you can also log into the TrueSight console to launch the Remedy SSO console.
  1. In the TrueSight console, go to Administration > User Accounts.
  2. Select Manage via Remedy SSO.
  3. Log into the Remedy SSO console as an Admin user.
2. Change the csm_user password.
3. Run the following command on each Infrastructure Management Server integrated with BMC Service Resolution:
```
pw ibrsd register -arhost <AR Server host name> -arport <AR Server port number> -arUser <AR Server user name> -arpwd <AR user password> -tsimpwd <Password for csm_user user>
```
  <Password for csm_user user> is the password that you changed in step#2.
4. Restart the BMC Service Resolution.
Perform this step only after you upgraded the TrueSight Presentation Server. Provide the temporary password to the users asking them to change it to the password of their choice by logging into the TrueSight Presentation Server.
Info

Users can change their password using the TrueSight Presentation Server Action menu Change Password option.

Migration user data log file

You can find the migrateUserData.log file in the location where you ran the migration script. The log file contains details of errors that occurred during the execution of the user data migration utility. The log file is updated every time the migration script is run.

Where to go from here

Migration stage	Resource
If you migrated the internal users before upgrading the TrueSight Presentation Server, start the TrueSight Presentation Server upgrade	Upgrading
If you migrated the internal users after upgrading the TrueSight Presentation Server, continue adding new users and user groups	Managing users and user groups