To ensure a smooth transition, it is recommend that you develop a migration plan. When you develop your plan, you need accurate information identifying the following:
Version of SecureLogin:
Set to run on the directory.
Installed on the administration workstation.
Installed on each user workstation.
Time frame within which you must complete the full upgrade.
Deployment method (automated or manual?)
Total number of users.
Which containers/organizational units each user belongs to.
Number of kiosk mode users.
Number of laptop users.
Which users, if any, you need to upgrade first.
A list of applications required to be enabled for SecureLogin.
This information is the basis of the migration plan. You can develop and document migration plans in a variety of ways; the following is an example of one method.
Acme is an organization with a total of 30,000 users. 16,000 are allocated a fixed workstation, 3,000 are laptop users, and 11,000 access applications in Kiosk mode. The network environment is Microsoft Active Directory, and SecureLogin version 3.5 is currently implemented. All users are managed from one administration workstation. ZENworks is used for application distribution and deployment generally occurs overnight.
Sales OU users have laptops for mobile access to the network. The Central Administration OUs contain a combination of static workstations and laptop users. Manufacturing and Purchasing OU users are mobile; workstations are accessed in Kiosk mode. Users in the remaining OUs are each allocated a workstation for their sole use.
The Java functionality provided by the new version of SecureLogin is eagerly awaited by users in the Sales group, so they have volunteered to test the upgrade. After the upgrade is successfully deployed to the Sales group, SecureLogin is deployed in stages to the rest of Acme.
Directory and test user
Sales
Central Administration and Human resources
Account Marketing
Manufacturing and Purchasing
Administration Workstation
Day 1: Upgrade the server directory; extend the schema, and assign rights to the organizational units. Ensure that all containers and organizational units have the following:
Directory database version 3.5.
Stop tree walking preference value is set to Yes.
Create a test user in the Sales OU and change the setting for the user object to directory database version value 3.5.
Test single sign-on enabling of required application
Day 2: On successful deployment of the upgrade for the test user, manually set the directory database version to 6.0 on the Sales OU to enable full upgrade functionality.
Deploy the SecureLogin upgrade on all Sales OU workstations/laptops. Assist Sales users with single sign-on enabling for Java applications.
Ensure that all laptop users have the SecureLogin Cache setting enabled to ensure that the cache is stored locally.
Day 3: Monitor any upgrade issues for the upgraded Sales OU users. If all issues have been resolved successfully, install the SecureLogin upgrade on all laptops and workstations associated with the Central Administration and Human Resources OUs.
Set the directory database version to 6.0 on the Central Administration and Human Resources OUs to enable full upgrade functionality.
Day 4: Install the SecureLogin upgrade on workstations associated with the following OUs:
Accounting
Marketing
Day 5: Review and resolve any issues.
Day 6: Install the SecureLogin upgrade on workstations associated with the following OUs:
Manufacturing
Purchasing
Review any upgrade issues encountered by Central Administration OU users. If there are no problems, change the Directory Database version to 6.0 setting for the following OUs:
Accounting
Marketing
Day 7: All users now have upgraded the SecureLogin application installed.
Review and resolve any issues.
Upgrade the administration workstation.
Day 8: If all issues are resolved successfully, change the directory database version to 3.5 for all remaining OUs.
Ensure that the following OUs are also enabled simultaneously to provide service for mobile and Kiosk users:
Manufacturing
Purchasing
The changeover is planned to occur at midnight and all users have been requested to log out prior to or at this time and wait until 12.10 am before logging back in.
Day 9: Migration is completed. Review of the migration plan commences.