The following diagram illustrates two internal user data migration sequence. Follow the scenario that best reflects your existing Atrium SSO configuration.- Scenario#1: Your Atrium SSO is configured with an external LDAP/AD user store and also contains internal user groups and internal users.
- Scenario#2: Your Atrium SSO is configured with internal user groups and internal users only. This means, either no external LDAP/AD user store was configured or the external LDAP/AD user store was removed before running the migration scripts.
- Copy and extract the UserDataMigration-Utility.zip file located in the Disk1\utility folder of the TrueSight Presentation Server installer to the host server from where you want to run the export and import commands.
- Verify whether the host on which you run the utility has JRE 8 installed on it.
- Set the JAVA_HOME environment variable pointing to a JRE 8 installation.
- If you plan to run this utility on a non-TrueSight Presentation Server host where the JAVA_HOME path was not set earlier,
For example, (Windows) set JAVA_HOME=C:\Program Files\java\jre (Linux) export JAVA_HOME=/opt/java/jre. - If you plan to run this utility on an existing TrueSight Presentation Server host server, setting JAVA_HOME is not required.
- Log in to the Atrium SSO console and note the external LDAP/AD user store configuration details in Atrium SSO for each tenant whose internal usergroups and internal users are to be migrated. These details are useful if you need to restore the same configuration at a later time.
- (Optional) Remove the external LDAP/AD user store configuration in Atrium SSO before executing the migration utility.
To migrate internal usergroups and internal users from Atrium SSO to Remedy SSO
- Log in to the host server from where you want to run the migration utility.
Export the user data from Atrium SSO to a CSV file by running the following export script:
exportUserDataFromASSO -file <file_path\csv_file.csv> -assoHostName <FQDN_ASSO_HOST_NAME> -assoPort <ASSO_PORT> [-tenants <realm1,realm2,...>]Notes- The value for the -assoHostName argument must be a fully qualified domain name (FQDN) of the Atrium SSO server. If you do not provide an FQDN, the command succeeds, but with a warning message.
- The -tenants argument is optional. If you omit the argument or its value, only the default BmcRealm user data information is exported. It can also have a single or multiple tenant names as values, and each separated by a comma.
- The user data is exported into the CSV file. The CSV file contains one row for every user group in a tenant.
- If no path is specified, the CSV file is created in the script's home directory.
- The data is written to the CSV file in the following format:
<Realm_ID1>, <Usergroup1>, <User_Name1>, <User_Name11>, <User_Name111>...
<Realm_ID1>, <Usergroup2>, <User_Name2>, <User_Name21>, <User_Name211>...
<Realm_ID2>, <Usergroup3>, <User_Name3>, <User_Name13>, <User_Name131>...
Example for exporting local users and local user groups from the tenant, mytenant: exportUserDataFromASSO -file C:\asso_exported_local_users.csv -assoHostName asso.bmc.com -assoPort 443 -tenants mytenantExample for exporting local users and local user groups from the default tenant, BmcRealm:exportUserDataFromASSO -file C:\asso_exported_local_users.csv -assoHostName asso.bmc.com -assoPort 443
- When prompted, enter the password for the Atrium SSO amadmin user.
Wait for the export to be completed. (Optional) Edit the CSV file and manually delete all external LDAP/AD user groups. This step is required if the external LDAP/AD user store was not deleted from Atrium SSO before running the export script.
NoteAdditionally, you can also add more users to the CSV file manually before you start importing.
WarningDo not edit the tenant names in the CSV file manually before importing it. Editing the tenant names results in data loss or components disconnected from the TrueSight Presentation Server.
- Import the user data from the CSV file into Remedy SSO by running the following import script:
importUserDataIntoRSSO -file <file_path\csv_file.csv> -rssoHostName <RSSO_HOST_NAME> -rssoPort <RSSO_PORT> [-rssoProtocol <RSSO_PROTOCOL>]
Notes- If no file path is indicated, the script searches for the CSV file in its home directory.- The rssoProtocol argument is optional. If you omit the argument or its value, the protocol is set to HTTPS.- All internal user groups and internal users belonging to the BmcRealm tenant in the Atrium SSO are imported as the Local user groups and Local users under the *(asterisk) tenant (realm) in Remedy SSO. For all other tenants in the Atrium SSO, the user groups and users are imported under the respective tenants (realms) in Remedy SSO.
- When prompted, enter the Remedy SSO Admin user password.
When prompted, type
y or
n for the message
Do you want to set a common password for all local users imported into Remedy SSO server (y/n)?NoteAtrium SSO user passwords cannot be exported for security reasons. While importing these users into Remedy SSO, you must set a password for each user. You can do that by either setting a common password for all the users explicitly or letting the system set a unique random password for each user.
If you typed
y, provide a common temporary password (minimum eight characters required) to be used for all users and proceed to step 9. Do this only if you want to set a common password for all the users explicitly. Setting a common password is convenient and easy to communicate to the users. However, for security reasons, the administrator must ask the users to change this password immediately.
WarningIf the temporary password is less than eight characters in length, users are not imported into Remedy SSO.
- If you typed n, proceed to step 8. Do this if you want the system to generate a unique random password for each user. The administrator must change the password for each user manually in the Remedy SSO console and communicate the reset passwords to the respective users. User will not be able to log into the console unless the administrator communicates the password. Setting a password for each user is more secure compared to setting a common password option.
Wait for the import to complete.
- (Optional) If you typed n in step 8, log into the Remedy SSO console as the Admin user and set a temporary password for each imported user.
- (Optional) Repeat steps 1 to 9 if you want to import user data for additional tenants.
Update the passwords for the
bppmws_internal and
csm_user internal user accounts. These user accounts are out-of-the-box TrueSight Presentation Server internal users. You must update the passwords for these two internal users to re-establish the internal communication between the TrueSight Presentation Server and
TrueSight Infrastructure Management Server and the
TrueSight Infrastructure Management Server and BMC Service Resolution respectively.
Failed to execute the [excerpt-include] macro.
The instructions to change the password for csm_user account are applicable in the following scenarios only:- When you integrate Infrastructure Management Server with BMC Service Resolution 3.0.
- When you migrate the internal user data from Atrium SSO to Remedy SSO.
Failed to execute the [excerpt-include] macro.- Perform this step only after you upgraded the TrueSight Presentation Server. Provide the temporary password to the users asking them to change it to the password of their choice by logging into the TrueSight Presentation Server.
InfoUsers can change their password using the TrueSight Presentation Server Action menu
Change Password option.
You can find the migrateUserData.log file in the location where you ran the migration script. The log file contains details of errors that occurred during the execution of the user data migration utility. The log file is updated every time the migration script is run.
Complete the post-upgrade tasks: