Skip to main content
M
mprasad12-Amethyst
12-Amethyst
July 4, 2025
Solved

Windchill PDMLink from 11.1 (On Prem) to 12.1 (AWS Cloud) upgrade WindchillDS related queries

  • July 4, 2025
  • 1 reply
  • 608 views

Source: Windchill 11.1 MO20

Target : Windchill 12.1.0

 

Question --The source system uses windchillDS for authencitcation, as i understand the target system does not support windchillDS , also the taget system is on AWS ,.Then what options we have , shall we migrate it to openDS or to some AWS services , kindly suggest. 

 

 

Best answer by mmeadows-3

Upgrade and changing LDAP providers are two separate tasks.  The upgrade from 11.1 to 12.1 must use WindchillDS.  So, plan to do the upgrade on premise.  Once upgraded, rehost Windchill into the AWS environment and redirect user accounts from WinchillDS to the target LDAP service provider.

 

According to PTC, provided it is a v3 compliant LDAP, the target LDAP is up to your IT department and security policies.  WindchillDS will still work with Windchill 12.1, but PTC no longer supports WindchillDS and does not encourage using it in production with Windchill 12.1 and later.  OpenDJ is the foundation of WindchillDS and the natural standalone LDAP replacement.  It is possible to export the users' DNs from Windchill DS and import into OpenDJ (see my lengthy post half way through this thread).  But only the community edition is available.  If your IT policy forbids open source software, you may need another option independent LDAP option as discussed in this thread.

 

Most companies we support are switching from an independent Windchill LDAP server to the corporate LDAP server.  They are using Windows credentials and sometimes setting up Single Sign On for logging into Windchill.  This transition requires converting the Windchill user accounts in the database from WindchillDS to the corporate LDAP (e.g. Active Directory).  A key performance requirement in these configurations is to ensure the LDAP response times are fast and fault tolerant.  Windchill performance and stability will suffer if a US based Windchill server has to go to the EU to validate user accounts.  Pointing to two identical nodes or an LDAP load balancer helps avoid outages when one node goes down.

 

WindchillDS didn't require cleanup or deletion of old accounts.  So, the first step (even before upgrade) is to determine what accounts are no longer in use, clean them up and delete them from Windchill and LDAP.  Someone at the company should know who is still there and who is gone.  You can use a last login report to make it easier to identify inactive accounts.  After cleanup, you only have to worry about migrating the active accounts from WindchillDS to the target LDAP (CS341008).

1 reply

M
mmeadows-316-PearlAnswer
16-Pearl
July 5, 2025

Upgrade and changing LDAP providers are two separate tasks.  The upgrade from 11.1 to 12.1 must use WindchillDS.  So, plan to do the upgrade on premise.  Once upgraded, rehost Windchill into the AWS environment and redirect user accounts from WinchillDS to the target LDAP service provider.

 

According to PTC, provided it is a v3 compliant LDAP, the target LDAP is up to your IT department and security policies.  WindchillDS will still work with Windchill 12.1, but PTC no longer supports WindchillDS and does not encourage using it in production with Windchill 12.1 and later.  OpenDJ is the foundation of WindchillDS and the natural standalone LDAP replacement.  It is possible to export the users' DNs from Windchill DS and import into OpenDJ (see my lengthy post half way through this thread).  But only the community edition is available.  If your IT policy forbids open source software, you may need another option independent LDAP option as discussed in this thread.

 

Most companies we support are switching from an independent Windchill LDAP server to the corporate LDAP server.  They are using Windows credentials and sometimes setting up Single Sign On for logging into Windchill.  This transition requires converting the Windchill user accounts in the database from WindchillDS to the corporate LDAP (e.g. Active Directory).  A key performance requirement in these configurations is to ensure the LDAP response times are fast and fault tolerant.  Windchill performance and stability will suffer if a US based Windchill server has to go to the EU to validate user accounts.  Pointing to two identical nodes or an LDAP load balancer helps avoid outages when one node goes down.

 

WindchillDS didn't require cleanup or deletion of old accounts.  So, the first step (even before upgrade) is to determine what accounts are no longer in use, clean them up and delete them from Windchill and LDAP.  Someone at the company should know who is still there and who is gone.  You can use a last login report to make it easier to identify inactive accounts.  After cleanup, you only have to worry about migrating the active accounts from WindchillDS to the target LDAP (CS341008).

    M
    mprasad12-AmethystAuthor
    12-Amethyst
    July 7, 2025

    Thanks, it helps.

    Terms & ConditionsCookie settingsAccessibility statement