| Oracle® Access Manager Upgrade Guide 10g (10.1.4.0.1) Part Number B25354-01 |
|
|
View PDF |
| Oracle® Access Manager Upgrade Guide 10g (10.1.4.0.1) Part Number B25354-01 |
|
|
View PDF |
If your environment does not include Access System components, you may skip this chapter. Activities in this chapter are intended for administrators responsible to upgrade an earlier Access System components. Topics include:
|
Note: You must upgrade the Access System as described in this chapter before upgrading integration components or an independently installed SDK. |
Before you can use Oracle Access Manager access policies, you must upgrade the Access System components. Activities in this chapter must be completed in the sequence described herein:
After upgrading the schema and data as described in Part II, "Upgrading the Schema and Data"
After upgrading remaining Identity System components as described in Chapter 9, "Upgrading Remaining Identity System Components"
After preparing individual components as described in Chapter 8, "Preparing Components for the Upgrade", which may be performed just before upgrading each specific instance
To upgrade remaining Access System components, you use corresponding 10g (10.1.4.0.1) component installers and specify the same target directory as the existing component.
When your starting 6.5 or 7.x release includes multiple languages, you should upgrade these to retain your existing multiple language functionality.
Figure 10-1 provides an overview of Access System upgrade tasks.
Task overview: Upgrading Access System components includes
Upgrading Remaining Policy Managersis described.
Upgrading Access Servers is described.
Audit to Database: If you have auditing to a database configured in your earlier installation, before restarting the upgraded Access Server service you must perform certain tasks manually to ensure proper auditing in 10g (10.1.4.0.1). See "Upgrading Auditing and Reporting for the Access Server".
Upgrading WebGates is described. This activity does not need to occur all at one time because upgraded Access Servers are automatically backward compatible with earlier WebGates.
Component Upgrade Successful: Proceed to "Backing Up Upgraded Access System Component Directories". This task should be performed after every component successful upgrade to enable you to quickly roll back to this upgrade if needed.
Component Upgrade Not Successful: Proceed to "Recovering From an Access System Upgrade Failure".
|
Note: If you experience problems during any component upgrade, see "Accessing Log Files" and other topics in Appendix F, "Troubleshooting the Upgrade Process". |
The name Policy Manager (formerly known as the Access Manager component) is used throughout this chapter. The master Policy Manager upgrade occurred with the Access System schema and data upgrade.
This discussion is divided into the events and decision points you must respond to when upgrading remaining Policy Manager instances, as shown in Figure 10-2. The updated schema and data is detected automatically and any corresponding messages and events are skipped.
Figure 10-2 Upgrade Process for Remaining Policy Managers
|
Note: If an earlier Policy Manager instance is installed in the same directory as an earlier WebGate on the same machine, you must upgrade the Policy Manager, the all Access Servers that communicate with the WebGate, and the WebGate before restarting the Web server. |
Task overview: Upgrading remaining Policy Managers includes
Before you begin upgrading remaining Policy Managers, check the tasks in Table 10-1 to ensure you have completed these tasks before upgrading each instance in your earlier environment. Failure to complete prerequisites may adversely affect your upgrade.
Table 10-1 Policy Manager Upgrade Prerequisites Checklist
| Checklist | Policy Manager Upgrade Prerequisites |
|---|---|
|
Familiarize yourself with information in Part I, "Introduction" |
|
|
Complete tasks in Part II, "Upgrading the Schema and Data". |
|
|
Perform all tasks in Chapter 9, "Upgrading Remaining Identity System Components". |
|
|
Complete activities in Chapter 8, "Preparing Components for the Upgrade" for this instance, and:
|
In this sequence you start the process, specify the same target directory as the earlier Policy Manager component, and specify languages to upgrade.
Again, the steps here use GUI method and the recommended Automatic mode to illustrate messages you see, responses you give, and the sequence of events. The sample upgrade in this procedure starts from a release 6.1.1. Your starting release and environment may differ.
|
Note: Skip any details that do not apply to your installation. For example if you have a Unix environment, skip Windows details. |
To start the Policy Manager upgrade, and specify a target directory and languages
Confirm that all prerequisites described in "Policy Manager Upgrade Prerequisites" have been completed for this instance.
Stop the Policy Manager Web server instance and log in as a user with the appropriate administrator privileges to update the Oracle Access Manager files.
Locate and launch the installation program using your preferred method:
GUI Method, Windows:
Oracle_Access_Manager10_1_4_0_1_Win32_NSAPI_PolicyManager.exe
Console Method, Solaris:
./Oracle_Access_Manager10_1_4_0_1_sparc-s2_NSAPI_PolicyManager
The Welcome screen appears.
Dismiss the Welcome screen as directed, then respond to the administrator question based upon your platform.
Choose the directory where you installed the earlier release, then continue as directed.
Accept the upgrade by clicking Yes, then click Next
Ensure that a check mark appears beside English and any other languages you have installed, then click Next.
Confirm the languages listed by clicking Next.
Record the time-stamped directory name, then click Next to continue.
Note the amount of disk space required, then click Next to start the file extraction into the target directory.
You are asked to specify a mode for the upgrade process: Automatic or Confirmed.
If you are using Console method, the installation script exits and a transcript appears. Run the command in the transcript then continue with step 9. (On Unix, the command is printed to a file (start_migration), and a message is printed to run this file.)
Press the number of your choice., then review messages that appear. For example:
1
Creating orig folders ... ---------------------------------------------------- Copying general configuration files OK. ---------------------------------------------------- Updating parameter catalogs ... OK. ----------------------------------------------------
Continue with "Upgrading Policy Manager and Web Server Configuration Files".
During this sequence the component-specific upgrade is performed. With the Policy Manager, this includes Web server configuration updates and upgrades for Policy Manager configuration parameters.
The following procedure provides only an abbreviated set of messages to give you an idea of what to expect. Your environment will vary.
To upgrade the Web Server and Policy Manager
Review messages and respond appropriately for your environment when asked.
------------------------------------- Updating web server configuration files... Connecting to server ...Done. OK. ------------------------------------- Updating component-specific configuration files... OK. ------------------------------------- Starting migration ( 6.5.0 -> 7.0.0 )... ------------------------------------- Please type 'yes' to proceed:
Continue with component-specific configuration for release 7.0 or 10g (10.1.4.0.1), if needed.
Enter Updating component-specific configuration files.
Review the message to confirm the upgrade finished successfully.
Directory permissions copied ... C:\NetPoint\WebComponent\access_20060223_190102\oblix)
C:\NetPoint\WebComponent\access\oblix)
---------------------------------------------------
Migration has completed successfully!
Press <ENTER> to continue.
When this phase completes, continue as instructed, then proceed to "Finishing and Verifying the Policy Manager Upgrade".
You finish the upgrade as described in this procedure.
To finish the Policy Manager upgrade
Apply any changes to the Web server configuration file, if needed.
|
Important: If an earlier Policy Manager component is installed in the same directory as an earlier WebGate on the same machine, you must upgrade the Policy Manager, the all Access Servers that communicate with the WebGate, and the WebGate before restarting the Web server. |
Start the Web server to confirm that this upgrade was successful.
Policy Manager Web Server Does Not Start: See Appendix F, "Troubleshooting the Upgrade Process".
View Policy Manager migration log files to see if they contain any errors. See "Accessing Log Files".
Upgrade Successful: Perform activities in "Backing Up Upgraded Access System Component Directories" for this instance, then continue upgrading remaining Policy Managers.
Upgrade Not Successful: Proceed to "Recovering From an Access System Upgrade Failure".
When all Policy Managers are upgraded and backed up, proceed with "Upgrading Access Servers" next.
This discussion is divided into the events and decision points you will encounter when upgrading Access Server instances, as shown in Figure 10-3. There is no Web server involved in Access Server upgrades.
Figure 10-3 Access Server Upgrade Process and Tasks
Task overview: Upgrading the Access Server includes
Before you begin upgrading the Access Server, check the tasks inTable 10-2 to ensure you have completed these tasks. Failure to complete prerequisites may adversely affect your upgrade.
Table 10-2 Access Server Upgrade Prerequisites Checklist
| Checklist | Access Server Upgrade Prerequisites |
|---|---|
|
Upgrade the Schema and Data Part II, "Upgrading the Schema and Data" |
|
|
Upgrade all Identity System Components as described in Chapter 9, "Upgrading Remaining Identity System Components" |
|
|
Upgrade all Policy Managers as described in "Upgrading Remaining Policy Managers". |
|
|
Complete activities in Chapter 8, "Preparing Components for the Upgrade" for this instance, and:
|
The sample upgrade here starts from an existing Oracle Access Manager 6.1.1 installation. Again, you specify the same target directory as the earlier component, and languages to upgrade.
To start the Access Server upgrade and specify a target directory and languages
Confirm that all prerequisites described in "Access Server Upgrade Prerequisites" have been completed.
Log in as a user with the appropriate administrator privileges to update the Oracle Access Manager files.
Stop the Access Server service.
Locate and launch the program in your preferred method:
GUI Method, Windows:
Oracle_Access_Manager10_1_4_0_1_Win32_AccessServer.exe
Console Method, Solaris:
./Oracle_Access_Manager10_1_4_0_1_sparc-s2_AccessServer
The Welcome screen appears.
Dismiss the Welcome screen, then r.espond to the next question based upon your platform.
Choose the directory where you installed the earlier component, then click Next.
Accept the upgrade by clicking Yes, then click Next.
Select a default administrator language from the list, and any others you are upgrading.
Ensure that a check mark appears beside English and any other languages you are upgrading, then click Next.
Confirm the languages, and click Next.
Record the time-stamped directory name, then click continue as directed.
Start the file extraction into the target directory.
Proceed to "Upgrading Access Server Configuration Files".
This sequence includes upgrading message and parameter catalogs, creating a directory profile for the Access Server, and completing the component configuration upgrade.
This example starts from Oracle Access Manager 6.1.1. If you started with another release, numbers in the following sequence will differ.
To upgrade the Access Server configuration files
Type a 1 to use Automatic mode (or 2 for Confirmed mode), then review and respond to messages as they appear. For example:
1
Messages begin.
Creating orig folders... ------------------------------------- Copying general configuration files... OK. ------------------------------------- Updating parameter catalogs... OK. ------------------------------------- Starting migration ( 6.1.1 -> 6.5.0 )... DBProfiles created. ------------------------------------- Updating component-specific configuration files... OK. Please note the name of the Oracle Access Manager Access Server service : NetPoint AAA Server (aaa-viking) OK. ------------------------------------- Starting migration ( 6.5.0 -> 7.0.0 )... ------------------------------------- Updating component-specific configuration files... OK. Please note the name of the Oracle Access Manager Access Server service : NetPoint AAA Server (aaa-viking) OK. ------------------------------------- Starting migration ( 7.0.0 -> 10.1.4 )... ------------------------------------- Updating component-specific configuration files... OK. ------------------------------------- Migration has completed successfully! Press <ENTER> to continue: -------------------------------------
Record the name of the Access Server service, then press Enter.
Press Enter.
This completes the sequence, and the usual ReadMe information appears.
You finish the upgrade of each instance as described in the next procedure.
|
Caution: If you have auditing to a database configured in your earlier environment, before restarting the Access Server service be sure to complete appropriate activities in "Upgrading Auditing and Reporting for the Access Server". |
To finish the Access Server upgrade
Auditing and Access Reporting: If your earlier installation included auditing and access reporting, go immediately to "Upgrading Auditing and Reporting for the Access Server" before performing step 2.
Start the Access Server service. For example, if you do not store the server password in the password.lst file, use the following command:
start_access_server -P mypassword port -d -t 61
Certain command options may disable the hide option and cause a password to appear in the command line.
Provide the password at the prompt, if needed.
On an IBM SecureWay directory server, the next time you start the Access Server it may take a few minutes for the dialog requesting the PEM pass phrase to appear.
Access Server Service Does Not Start: See Appendix F, "Troubleshooting the Upgrade Process".
View Access Server migration log files to see if they contain any errors. See "Accessing Log Files".
Upgrade Not Successful: Proceed to "Recovering From an Access System Upgrade Failure".
Upgrade Successful: Perform activities in "Backing Up Upgraded Access System Component Directories" for this instance, then repeat the procedure to upgrade all Access Servers in your environment.
After upgrading all Access Servers, you may continue with:
Upgrading WebGates, next.
For other options, see "Looking Ahead".
Oracle recommends that you upgrade all WebGates. However, this does not need to occur all at one time. As mentioned before, earlier WebGates can communicate with upgraded Access Servers, which have backward compatibility automatically enabled during the upgrade. For details, see "Access System Behavior Changes".
Before you start upgrading WebGates, however, be aware of the following important changes. When you upgrade a WebGate, the WebGateStatic.lst configuration file is removed. Configuration parameters that resided in this file move to the directory server and are made available through the AccessGate Configuration function in the Access System Console.
During a WebGate upgrade, the upgrade tool communicates with the Access Server to send configuration information from the WebGatestatic.lst file to be written to the directory server. A temporary directory profile was created following the master Policy Manager upgrade for this purpose.
If WebGate configuration parameters do not migrate properly, you will not be able to add or change parameter values using the AccessGate Configuration function in the Access System Console. Following a WebGate upgrade, you cannot continue to use the WebGatestatic.lst file. For details about configuring WebGates, see the Oracle Access Manager Identity and Common Administration Guide for details. For more information about WebGate changes, see "WebGates".
The procedures needed to guide you through a WebGate upgrade are provided next and shown in Figure 10-4. There is no update to the schema and data.
Task overview: Upgrading the WebGate includes
Before you begin upgrading the WebGate, check the tasks in Table 10-3 to ensure you have completed these tasks.
Failure to complete prerequisites may adversely affect your upgrade.
Table 10-3 WebGate Upgrade Prerequisites Checklist
| Checklist | WebGate Upgrade Prerequisites |
|---|---|
|
Upgrade the Schema and Data Part II, "Upgrading the Schema and Data" |
|
|
Upgrade all Identity System Components as described in Chapter 9, "Upgrading Remaining Identity System Components" |
|
|
Confirm that all Policy Managers are successfully upgraded, as described in "Upgrading Remaining Policy Managers". |
|
|
Confirm that all Access Servers are successfully upgraded, as described in "Upgrading Access Servers". |
|
|
Complete activities in Chapter 8, "Preparing Components for the Upgrade" for this instance, and:
|
This is the same process as other upgrades you have completed. You start the upgrade, specify the same target directory as the earlier WebGate, and indicate the languages to upgrade. The sample here starts from release 6.1.1. Your environment may vary.
To launch the WebGate upgrade, and specify a target directory and languages
Confirm that all prerequisites described in "WebGate Upgrade Prerequisites" have been completed.
Stop the WebGate Web server instance, then log in as a user with the appropriate administrator privileges to update the Oracle Access Manager files.
Locate and launch the program in your preferred method:
GUI Method, Windows:
Oracle_Access_Manager10_1_4_0_1_Win32_NSAPI_WebGate.exe
Console Method, Solaris:
./Oracle_Access_Manager10_1_4_0_1_sparc-s2_NSAPI_WebGate
The Welcome screen appears.
Dismiss the Welcome screen as instructed, then respond to the administrator question based upon your platform.
Choose the directory where you installed the earlier WebGate, then continue as directed.
Accept the upgrade, then continue.
Ensure that a check mark appears beside English and any other languages you have installed, then continue.
Confirm the languages that will be upgraded and continue.
Record the time-stamped directory name, then continue.
Note the amount of disk space required, then click Next.
You complete activities according to the method you have chosen for the upgrade and respond as needed to continue.
|
Note: On Windows, the path to directory security permissions is logged in obmigratenp.log. |
Proceed to "Upgrading WebGate and Web Server Configuration Files".
During this sequence the WebGate configuration files, and Web server configuration upgrades occur. Very little input from you is required during this automated process.
To upgrade the WebGate and Web server configuration files
Type a 1 to continue in Automatic mode (or 2 for Confirmed mode), then review and respond to messages as they appear. For example:
1
Messages scroll by as the process continues.
Creating orig folders... ------------------------------------- Copying general configuration files... OK. ------------------------------------- Updating parameter catalogs... OK. ------------------------------------- Starting migration ( 6.1.1 -> 6.5.0 )... ----------------------------- Updating component-specific configuration files... OK. ------------------------------------- Starting migration ( 6.5.0 -> 7.0.0 )... ------------------------------------- Updating web server configuration files... OK. ----------------------------- Updating component-specific configuration files... OK. ------------------------------------- Starting migration ( 7.0.0 -> 10.1.4 )... ------------------------------------- Updating web server configuration files... OK. ----------------------------- Updating component-specific configuration files... OK. ------------------------------------- Starting the WebgateStatic.lst Migration ... Completed the WebgateStatic.lst Migration successfully. OK. Directory permissions copied... C:\NetPoint\access\webcomponent-iis\access_20040426_164541\oblix ) -> ( C:\NetPoint\access\webcomponent-iis\access\oblix ) ------------------------------------- Migration has completed successfully! Press <ENTER> to continue: -------------------------------------
Continue as directed, then proceed to "Finishing and Verifying the WebGate Upgrade".
There are a few differences when finishing the WebGate upgrade, relative to other component upgrades. For example, you need to ensure that the Access Management service for the WebGate is turned off.
Apply any changes to the Web server configuration file, if needed.
Turn off the Access Management service for this WebGate: In the Access System Console, click Access System Configuration, then click AccessGate Configuration and click the link for the WebGate and see the Oracle Access Manager Access Administration Guide for details.
Start the WebGate Web server.
WebGate Web Server Does Not Start: See Appendix F, "Troubleshooting the Upgrade Process".
View WebGate migration log files to see if they contain any errors. See "Accessing Log Files".
Confirm that the WebGate performs as expected and that your 10g (10.1.4.0.1) environment is working. For more information, see Chapter 4, "System Behavior and Backward Compatibility".
Upgrade Successful: Perform activities in "Backing Up Upgraded Access System Component Directories" for this instance, then continue upgrading earlier WebGates.
Upgrade Not Successful: Proceed to "Recovering From an Access System Upgrade Failure".
Continue upgrading WebGates or proceed to "Looking Ahead".
As mentioned earlier, Oracle recommends that you finish each component upgrade by backing up the 10g (10.1.4.0.1) component directory after verifying that it is working properly. This will enable you to easily restore your environment to the newly upgraded state should that be a requirement.
To back up critical information after the upgrade
Back up the 10g (10.1.4.0.1) component directory and store it in a new location.
Web Server: Back up the upgraded Web server configuration file, if needed, using your vendor documentation as a guide.
Windows: Back up Windows registry data, if required, as described in "Backing Up Windows Registry Data".
Proceed to "Looking Ahead".
If the component was not successful, you may perform the following steps to rollback this upgrade, then try again.
To recover from an unsuccessful Access System component upgrade
Restore the earlier component installation directory that you backed up before the upgrade (to recover the earlier environment), then back it up again. You will retain one of the earlier directories as a backup copy and use one to restart the upgrade.
Web Server: Restore the backed up Web server configuration file, if required for this component (Policy Manager or WebGate).
Windows: Restore the backed up registry for the component, if needed for this instance.
Using a backup copy of your earlier component installation directory (and Web server configuration, if needed), restart the component upgrade as described in this chapter.
Upgraded Access System components send and receive information sent in UTF-8 encoding. Earlier components send and receive data in Latin-1 encoding. When all earlier Access System components are successfully upgraded, proceed as follows:
For more information about expected system behaviors, see Chapter 4, "System Behavior and Backward Compatibility".
