After you import the configuration from VMware Identity Manager 19.03 on Windows to Workspace ONE Access 20.01 on Linux, perform some post-migration procedures on your new Linux deployment.

Procedure

  1. Change the default Linux appliance passwords.
    1. Use the default password of vmware to log in to the configuration page of the primary Workspace ONE Access node at https://WS1AccessHostnameFQDN:8443/cfg/certproxy.
    2. To change the admin password, select Change Password. To change the root and sshuser passwords, select System Security.
      Important: The admin user password must be at least six characters in length.
    3. Enter the new password.
    4. Click Save.
  2. Use the new admin password to log in to the Workspace ONE Access console at https://WS1AccessHostnameFQDN.
  3. To confirm that your newly created Linux node exists and is functioning properly and that the Windows nodes no longer exist, review the system diagnostics information.
    1. In the Workspace ONE Access console, select Dashboard > System Diagnostics Dashboard.
    2. Confirm that the new Linux node is listed in a healthy state.
      The node is represented on the page by a box that includes the FQDN (such as WS1AccessHostnameFQDN) of the node, a health-status symbol, and a VA Configuration link. If the health-status symbol is a green check mark, the node is healthy.
    3. Confirm that the Windows node is not listed.
  4. If your Windows deployment uses Certificate (Cloud Deployment) authentication, update the runtime-config.properties file on the Linux appliance to continue using certificate authentication.
    1. Log in to VMware Identity Manager 19.03 on Windows and note the certificate authentication port_number value of the components.certauth.port=port_number setting in the INSTALL_DIR\usr\local\horizon\conf\runtime-config.properties file.
    2. Log in to the Workspace ONE Access 20.01 Linux appliance and edit the port_number value of the components.certauth.port=port_number setting in the /usr/local/horizon/conf/runtime-config.properties file to match the 19.03 value.
    3. Save the file.
    4. Restart the machine.
      service horizon-workspace restart
  5. If your VMware Identity Manager 19.03 on Windows deployment used a cert proxy configuration, configure the Mobile SSO page in the Workspace ONE Access console to update the IP addresses of approved endpoints in the Accept RemotePort From text box.
    To access the Mobile SSO page, log in to the Workspace ONE Access console for the primary node and change the URL to https://WS1AccessHostnameFQDN:8443/cfg/certproxy.
  6. If your deployment includes a single node without a load balancer and is integrated with Horizon, update the Horizon Connection Server with the new FQDN of the Workspace ONE Access service.
  7. If your Windows deployment used an HTTP proxy server, use the YaST utility to enable the proxy settings on the Linux system.
    The migration process copies the proxy details to the new Linux host in the /usr/local/horizon/bin/proxyConfig.txt file, but does not enable the proxy settings. To enable the proxy settings on the Linux system, perform the following steps.
    1. From the vSphere Client, log in to the Workspace ONE Access virtual appliance as the root user.
    2. To run the YaST utility, enter YaST on the command line.
    3. Select Network Services in the left pane, then select Proxy.
    4. Enter the proxy server URLs in the HTTP Proxy URL and HTTPS Proxy URL text boxes.
    5. Select Finish and exit the YaST utility.
    6. To use the new proxy settings, restart the Tomcat server on the Workspace ONE Access virtual appliance.
      service horizon-workspace restart
  8. If your deployment includes a Workspace ONE Access cluster, clone the Workspace ONE Access Linux virtual appliance as necessary to create the cluster.
  9. Configure the SSL certificates for the Workspace ONE Access service.
    By default, self-signed certificates are generated for your Workspace ONE Access Linux deployment, but self-signed certificates are not considered sufficiently secure for production environments.
    • Use the default self-signed certificates.

      Only recommended for testing purposes. Copy the root certificate from the new Linux service node and upload it to the truststore of the connector.

    • Upload SSL certificates signed by a public Certificate Authority (CA).

      Recommended for production environments. See information about installing an SSL certificate for the Workspace ONE Access service in the Installing and Configuring VMware Workspace ONE Access guide.

  10. If your deployment consists of a single node without a load balancer, perform the following steps.
    1. If you are using a different FQDN for your Linux nodes than for your Windows nodes (the preferred practice), download and run the script to update your connector instances with the new service hostname.
      1. Download the Update Connector Configuration Script from the Workspace ONE Access 20.01 download page on the My VMware site at my.vmware.com to the INSTALL_DIR/Connector/support directory, where INSTALL_DIR is a placeholder for the installation directory.

        The file downloads as update-fqdn-configstate.tgz.

      2. Uncompress the update-fqdn-configstate.tgz file.
      3. Run the update-fqdn-configstate.bat command and provide the old and new hostnames as prompted.
    2. Restart the connector instance.
      For example, using the Windows Services window, select VMware IDM Connector and click "Restart the service."
    3. Enable the new Workspace ONE portal.
      1. Log in to the Workspace ONE Access console at https://WS1AccessHostnameFQDN/admin.
      2. Select Catalog > Settings.
      3. Select New End User Portal UI in the left pane and click Enable New Portal UI.
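
For step 4, one way to script the components.certauth.port change on the Linux appliance so that the edit is backed up, validated, and verified. This is an added example, not VMware-supplied code; the function names and the port value in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not VMware code): set components.certauth.port in a
# runtime-config.properties file, keeping a backup and verifying the result.
KEY='components.certauth.port'
KEY_RE='components\.certauth\.port'

# Print the value currently set for the key (empty if absent). A trailing CR
# is stripped so a file copied from the Windows host reads correctly, and the
# last definition wins, as it does when Java loads a properties file.
get_certauth_port() {
    sed -n "s/^[[:space:]]*${KEY_RE}[[:space:]]*=[[:space:]]*//p" "$1" \
        | tr -d '\r' | tail -n 1
}

# set_certauth_port FILE PORT: returns 0 only if FILE ends up with exactly the
# requested value. The previous contents are kept in FILE.bak.
set_certauth_port() {
    file=$1
    port=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] \
        || { echo "port out of range: $port" >&2; return 1; }

    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Drop every existing definition of the key (grep exits 1 when nothing
    # else is left, which is not an error here), then append a single one.
    grep -v "^[[:space:]]*${KEY_RE}[[:space:]]*=" "$file.bak" > "$tmp" \
        || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    printf '%s=%s\n' "$KEY" "$port" >> "$tmp"
    # Overwrite in place so the file keeps its original owner and mode.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    [ "$(get_certauth_port "$file")" = "$port" ]
}

# Usage on the appliance, with 7443 standing in for the value noted on Windows:
#   set_certauth_port /usr/local/horizon/conf/runtime-config.properties 7443
```

After the function returns success, restart the service with the command given in step 4 so the new port takes effect.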

What to do next

Confirm that the deployment functions as expected. For example, verify that users can log in to the Workspace ONE portal and access applications.

Note: The following types of remote authentication might take several minutes to function due to an expected communication channel delay.
  • Password (cloud deployment)
  • RADIUS (cloud deployment)
  • RSA SecurID (cloud deployment)
Wait for the communication channel to reestablish itself, or reestablish communication by restarting the connector instances.

Also, verify that other features, such as policies, function as expected. See VMware Workspace ONE Access Administration.