Gain new insights by reflecting on the experiences we have encountered.

Based on a migration project finalized in October 2019, we would like to share our advice that will help your RSA Archer upgrade preparation.

The project consisted of the upgrade from RSA Archer 5.5 to RSA Archer 6.x for a large company from the banking sector. Experwtare team handled end-to-end the delivery of the new RSA Archer 6.x platform, preserving and improving the solutions, taking advantage of the improvements offered by the new RSA Archer version.

Solutions in scope: Vulnerability, Risk, Compliance, Enterprise, Issue management, 50 scheduled data feeds (10 - daily, 20 - weekly, 20 - monthly) and another 40 one demand data feeds (PenTest result feeds, QA functional results, firewall exception feeds, etc). There were multiple applications shared across the solutions and millions of records migrated from the legacy database to the new one.

There are several important aspects you must be aware of if you plan a migration from RSA Archer 5.x to version 6.x.

Migration options to be considered

  • 1. In-place upgrade (same servers, upgrade of application and database)
  • 2. Install clean Archer 6.x on new servers (2016/2019), import records from v 5.0 database into new 6.x database, add mandatory fields, repoint data feeds, review applications and workflows.
  • 3. Install clean Archer 6.x on new servers, connect to a v5.x database copy, in-place schema DB upgrade to v6.x, optimize applications and workflows, repoint data feeds.
RSA Archer Scheme

Data import considerations

If you decide to use migration method (B) please consider the following aspects:

  • Distinguish the legacy data (from v5.x0) from the new data feeds hence you must create a new field like Legacy = [Yes/No]
  • For legacy imported data replace default [CreatedDate] with a calculated field so it correctly reflects the real creation date
  • Review and update all workflows to handle legacy imported records (if Legacy do { …} )

Handling data feeds

  • Options B and C imply that the new application accounts (SQLAgent others) will need access to all the locations from where the old Archer 5.x was importing data. Use a checklist to confirm proper access to data feed import locations for the new Arche 6.x import account(s)

Optimizations to be considered

  • Review the referential / master data and align where the need is. You cannot set a correct GRC platform without a solid master data foundation> The list of referential sources must contain data types like Application catalog, Product and Services catalog, Devices, Contacts, Divisions, etc.
  • Use the opportunity to check the logic of various processes. make better use cross-reference fields and inherited record permission. Use advanced workflow capabilities, data-driven events, conditional application layouts.

If you have a similar initiative and you feel that additional hands-on experience is needed, please contact us.