Technical Notes

This technical note describes how to migrate to Reflection for Secure IT Windows Server version 7.1 or higher from Reflection for Secure IT Windows Server 7.0, 6.x, or F-Secure SSH Server for Windows.

Upgrading to Reflection for Secure IT version 7.1 or Higher from 7.0

If you are upgrading an existing installation of Reflection for Secure IT version 7.0, note the following:

• If the server is running when you apply the upgrade, the installer stops the service and any existing client connections are disconnected.
• We recommend that you back up your server configuration file before upgrading. The backup will be useful if you want to revert to an earlier version at some point in the future.
• After applying the upgrade, you need to restart Windows to complete the installation.

Automatic Migration of Reflection for Secure IT 6.x and F-Secure Settings

When you install Reflection for Secure IT Windows Server 7.1 or higher on systems with Reflection for Secure IT version 6.x or an F-Secure server, Reflection for Secure IT automatically migrates your current identity (host key and certificates) and settings.

Note: You can have both products (a 6.x version and a 7.x version) installed on the same system at the same time, and both can be running if each product listens on a unique port.

Version 7.1 introduces some changes to the key and configuration files.

Key Location

Keywords that have default values are added to the new configuration, while keywords that do not have default values cannot be migrated and are logged as “missing.” When Reflection for Secure IT 7.1 is started, warning messages for the missing keywords appear in the validation log (\Documents and Settings\All Users\Application Data\Attachmate\RSecureServer\Logs\Server_Validation.log).

Not all of the keywords from version 6.x are supported. Check the migration log for details.

Existing host keys (hostkey and hostkey.pub by default) are copied to the new key location, so you don't need to make any changes to clients that are configured to trust your current host key.

Configuration File in Version 7.1

Settings in your earlier version’s sshd2_config file are migrated to Reflection for Secure IT version 7.1’s XML configuration file, named rsshd_config.

For information about how to read the XML server settings file, see Technical Note 2289.

Migration Log File

Migration information is saved to the migration log file when the Reflection for Secure IT version 7.x console is started and version 6.x is not running. If Reflection for Secure IT version 6.x is running and using the same port (22), the migration log is not created. Only a manual migration (rsshd with –m option) will create the migration log.

Password Cache File

If you used a password cache, cached passwords are migrated from rsitdapc to the version 7.1 password cache files, RSIT_Cache and RSIT_Cache.bin. (RSIT_Cache contains cached passwords and RSIT_Cache.bin contains the private host key file for decryption.)

This migration occurs the first time you:

• Start the server console. This triggers the migration of keys and settings without automatically starting the server.

• Start the Attachmate Reflection for Secure IT Server service. When you restart Windows, the service starts automatically. This triggers the migration and starts the server using the migrated key and settings. (You can also start the service manually using the rsshd command line or using the Windows Computer Management console.)

Notes about Automatic Migration

• Automatic migration will not take place if you have already uninstalled your prior version.
• It is possible to run both version 7.x and 6.x on the same computer. To test version 7.1 or higher before uninstalling the earlier version, either stop the earlier version service, or configure version 7.1 or higher to use a different port. (See Migration Example for Testing below.)
• If you have an existing XML settings file, the server will not migrate the settings from a previous version’s settings file. This enables you to configure a single settings file and install it onto multiple servers.
• You can manually migrate settings using the rsshd command line utility with the -m option.

Migration Example for Testing

While testing, you can leave your older 6.x product installed and listening on default port 22. When you install the new 7.x product, use port 2222. After testing is complete, shut down the old product and change the port in Reflection for Secure IT version 7.1 or higher to 22. Migration of settings occurs one time, during installation.

Note: Any changes that you make to the old product while testing or running both products at the same time will not be carried forward to the new product.

Additional Resources

Migrated Settings. When you install Reflection for Secure IT on systems with a Reflection 6.x server or F-Secure SSH server, supported settings are migrated to the new XML configuration file. For a summary of which settings are supported and how settings are migrated to the newer XML format, see the "Table of Migrated Settings" topic in the Reflection for Secure IT User Guide: http://docs.attachmate.com/reflection/rsit-ssh/7.2/winserver/en/help/migrated_settings_rf.htm.

Reflection for Secure IT Documentation is available on the Attachmate Support site at http://support.attachmate.com/manuals/sshdocs.html.