Migrating credentials

Users of BMC Atrium Discovery 7.5 who have upgraded to version 8.3 can migrate their discovery credentials using the Credential Migration utility. This utility takes the credentials stored on version 7.5, encrypts them with a user provided passphrase, and saves the encrypted file to the version 7.5 file system. The encrypted file is manually uploaded to the 8.3 system, decrypted using the same passphrase, and imported into the Credential Vault.

Note

The supported migration path for BMC Atrium Discovery is from version 7.5.01.03 to version 8.3. If you plan to migrate data from earlier versions of BMC Atrium Discovery (or BMC Topology Discovery and BMC Foundation Discovery), you must first upgrade to version 7.5.01.03. For users migrating their mainframe data using BMC Discovery for zOS version 1.5, you must first upgrade to version 1.6.

 

Downloading the Credential Migration utility

The Migration utility can be downloaded from the Credential Migration page in the BMC Atrium Discovery 8.3 UI.
To download the utility:

  1. Select Credential Migration from the Discovery section of the Administration tab.
  2. Click the Get utility to export 7.5 credentials link.

Installing the Credential Migration utility

To install the Credential Migration utility on a BMC Atrium Discovery 7.5 system:

  1. Copy the zip file to the %TD_HOME%\install\deploy\tools directory.
  2. Extract the contents of the zip file into this directory, ensuring that you preserve the directory structure. The resulting files should look like this:
    %TD_HOME%\install\deploy\tools\credentials\
    %TD_HOME%\install\deploy\tools\credentials\impl_bootstrap.config
    %TD_HOME%\install\deploy\tools\credentials\Migrate_Credentials.bat
    %TD_HOME%\install\deploy\tools\credentials\lib\
    %TD_HOME%\install\deploy\tools\credentials\lib\ExtractCredentials.jar
    %TD_HOME%\install\deploy\tools\credentials\lib\log4j-1.2.14.jar
    

Exporting the Credentials from BMC Atrium Discovery 7.5

  1. On the BMC Atrium Discovery server, navigate to the following location:
    %TD_HOME%\install\deploy\tools
  2. Double-click the Migrate_Credentials.bat file to run the utility.
  3. In the Passphrase for XML Encryption dialog, type a passphrase in the passphrase field.
  4. Type the passphrase again when prompted in the confirmation field.
  5. Click OK.
    The passphrase is used to encrypt the contents of the XML file.

The credentials are encrypted and saved as Encrypted_Credentials.xml in the same directory. This file is an encrypted XML file and cannot be read in a text editor.

Migrating WebLogic credentials

If you are migrating discovery credentials for WebLogic, note that BMC Atrium Discovery version 8.3 requires host credentials for the WebLogic server. If available in version 7.5, the host credentials will be migrated. See Discovering WebLogic for information on the credentials required to discover WebLogic servers fully.

Migrating Mainframe credentials

If you are migrating discovery credentials for mainframe, note that BMC Atrium Discovery version 8.3 only supports one port per credential and so will normalise the version 7.5 credentials to fit this requirement. This may result in more credentials being created then the number that was exported from version 7.5.

Importing the Credentials into BMC Atrium Discovery 8.3

When you import the encrypted credentials file, UNIX, SNMP, WebLogic, and mainframe credentials are handled automatically. Windows credentials are split into two categories (credentials identified as belonging to a domain and not belonging to a domain) and need user interaction to be migrated to version 8.3.

  1. In the BMC Atrium Discovery version 8.3 UI, select Credential Migration from the Discovery section of the Administration tab.
  2. Type the path and name of the Encrypted_Credentials.xml file in the Import Filename field. Alternatively, click the browse button and navigate to the file using the File Upload dialog.
  3. In the File Passphrase field, enter the passphrase used to encrypt the file.
  4. Select the credential type that you want to import. The supported types are:
    • UNIX
    • SNMP
    • Windows
    • WebLogic
    • Mainframe

      Only select one credential type at a time

      You can only select and import one credential type at a time otherwise the import will fail silently and simply refresh the Credential Migration page. This defect has been fixed in 8.3 SP2 and you can select all the credential types at the same time.

  5. Enter a descriptive label to be applied to each imported credential. For example, "Migrated 7.5 Credentials".
  6. Click Upload.

If you have previously used the Credential Migration page and imported Windows domain information and credentials, any that were not migrated or deleted in the last session are still displayed in the Credential Migration page. They are deleted when you import a new credential file. You are asked for confirmation for this step.

If the import is successful, a message is displayed informing you how many UNIX, SNMP, WebLogic, and mainframe credentials were successfully imported. The screen is refreshed to show any domains that have been imported, and any Windows login credentials. The following sections describe how to assign domains to Active Directory Windows proxies, and Windows login credentials to a Credential Windows proxy.

The imported Windows domain information and login credentials are held in the credential vault.

Assigning domains to Windows proxies

Domain information found in the imported data is listed in the ADDM 7.5 Windows Domains list. This is used in conjunction with the ADDM 8.3 Active Directory Windows proxies list.
This screen illustrates domain information in imported domain lists.
For each domain in the ADDM 7.5 Windows Domains list the following links are provided:

  • Register – click this to register an Active Directory Windows proxy with the appliance. The Windows proxy must already be installed on a Windows host on the specified domain. When you click register, the Add Active Directory Windows proxy window is displayed. Enter the IP address of the Windows proxy and edit the name if required. Click Apply to apply the changes the changes and return to the Credential Migration page.
  • Download – click this to download an Active Directory Windows proxy installer. You need to be using a browser on the machine on which you want to install the Windows proxy. At the end of the Windows proxy installation procedure, select the Register Windows proxy with the Appliance you downloaded it from, and click Finish. The Add Active Directory Windows proxy page is displayed. Edit the name if required and add the domains which it will be used to scan.
  • Ignore – click this to delete the imported domain.
  • Ungroup – click this to remove this domain from the domains list and put the underlying credentials into the Windows login credentials list.

Migrating Windows login credentials to a Credential Windows proxy

Windows login credentials in BMC Atrium Discovery version 7.5 that did not have a discoverable domain (meaning that the username was not in the form domain\username) are listed in the Migrate Credentials section. This might be because the credential is still part of an implicit domain that 8.3 cannot detect but that the user knows. If this is the case, the credential(s) can be associated with a domain using the Add To Domain button. Any credentials that are not associated with a domain must be migrated across for use by an 8.3 Credential Windows proxy, as illustrated in the following screen.
This screen illustrates an example of the two lists of 7.5 and migrated 8.3 credentials.
Each login credential in the ADDM 7.5 NT Login Credentials list is of the following form:
username for IP_regex. The IP address or range of addresses is a regular expression.

To migrate a version 7.5 credential to version 8.3 for use by a credential Windows proxy, use the arrows between the two lists to migrate (or undo) the credential across to 8.3. In addition, the following buttons are also provided:

  • Test IP Access – if the user is unsure of whether 8.3 can already access an endpoint then the user can click this button to determine whether the appliance can log into the endpoint. When clicked a popup window will be displayed. Enter the IP address and click the test button to test access to that address. See Testing Credentials for a full description of testing IP access.
  • Add To Domain – if some 7.5 credentials have an implicit domain, then they can be assigned to that domain using this button. If that domain is already covered by an AD Windows proxy then the credentials will just be removed. Otherwise the new domain will be added to the list of domains to be migrated.
  • Ignore Credentials – click this button to delete the selected credential or credentials.
  • Register Credential Windows proxy – Individual credentials can only be migrated once a credential Windows proxy is registered with BMC Atrium Discovery 8.3. In order to do this click this button to register a Credential Windows proxy with the appliance. The Windows proxy must already be installed. When you click register, the Add Credential Windows proxy window is displayed. Enter the IP address of the Windows proxy and edit the name if required. Click Apply to apply the changes and return to the Credential Migration page.

Where ten or fewer credentials of a particular type (UNIX, SNMP, WebLogic, and mainframe) are imported the IP range for them is set to .*

Was this page helpful? Yes No Submitting... Thank you

Comments