/
Migrating a Windows MSI instance to another server

Migrating a Windows MSI instance to another server

This process is not endorsed by the Shibboleth project and should be treated with caution as it may not be appropriate in all situations and may introduce unexpected side effects.

Test, test and test again!

In some circumstances, it may be desirable to migrate an instance of the Shibboleth Identity Provider, which was installed using the MSI method, to another server. For instance when migrating to a new Windows Server version and not wanting to do an in-place upgrade or when wanting to make an existing service more resilient.

A process which, while not having been extensively tested, could be used as a template for doing so is below.

The variable %{msi-base} refers to the installation base, typically C:\Program Files (x86)\Shibboleth. You will also need copies of the currently installed MSI package and, optionally, the latest MSI package.

  1. Run %{msi-base}\IdP\bin\version and note the currently installed version number.

  2. Using the currently installed version’s MSI installer, follow a fresh Install procedure on the new server. The decision about whether or not to configure for AD is immaterial. Stop the newly installed Shibboleth IdP service

  3. Zip up %{msi-base} from the old server and copy to new server.

  4. Remove the freshly installed (new) %{msi-base} and unzip the copied archive in its place.

  5. Re-run the MSI installer using the Repair option.

  6. Start the service and check the idp-warn.log for any unexpected messages.

  7. Functionally check the IdP (using aacli and, for example, a hosts file override but remember to remove it later!)

  8. (Optional) Upgrade the IdP as per normal (and test again)

 

Related content

Example 4.1 Upgrade
Example 4.1 Upgrade
Read with this
IdP2Upgrade
IdP2Upgrade
More like this
WindowsInstallation
WindowsInstallation
More like this
Installation
Installation
More like this
Shibboleth IdP Probe
Shibboleth IdP Probe
More like this
Using SAML Proxying in the V4 Shibboleth IdP to connect with Azure AD
Using SAML Proxying in the V4 Shibboleth IdP to connect with Azure AD
More like this