B Upgrading High Availability Configurations

This chapter describes considerations, restrictions, and recommended procedures for upgrading an Oracle Application Server environment that has been configured for high availability.

This chapter contains the following sections:

Summary of High Availability Upgrade Options, Restrictions, and Prerequisites
Upgrading an OracleAS Cold Failover Cluster Infrastructure
Transforming 10g (9.0.4) Rack-Mounted Identity Management
Transforming a Distributed 10g (9.0.4) Rack-Mounted Identity Management Environment
Upgrading an OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) Colocated Configuration
Upgrading an OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) Distributed Configuration

B.1 Summary of High Availability Upgrade Options, Restrictions, and Prerequisites

Oracle Application Server 10g (9.0.4) introduced high availability configurations that you could install as part of the Oracle Application Server installation procedure. These configurations were also available as part of 10g Release 2 (10.1.2.0.0), 10g Release 2 (10.1.2.1.0), and 10g Release 2 (10.1.2.0.2).

Table B-1 shows the upgrade paths supported for the high availability configurations.

Table B-1 Summary of the High Availability Upgrade Options

Existing Configuration	Upgrade Path	More Information
10g (9.0.4) and 10g Release 2 (10.1.2) Oracle Application Server Cold Failover Clusters	Upgrade to Oracle Application Server Cold Failover Clusters for 10g (10.1.4.0.1).	Section B.2, "Upgrading an OracleAS Cold Failover Cluster Infrastructure"
10g (9.0.4) Rack-Mounted Identity Management	Transform the environment into a 10g (10.1.4.0.1) OracleAS Cluster (Identity Management) environment.	Section B.3, "Transforming 10g (9.0.4) Rack-Mounted Identity Management"
10g (9.0.4) Distributed Rack-Mounted Identity Management	Transform the environment into a 10g (10.1.4.0.1) OracleAS Cluster (Identity Management) environment.	Section B.4, "Transforming a Distributed 10g (9.0.4) Rack-Mounted Identity Management Environment"
10g Release 2 (10.1.2) colocated OracleAS Cluster (Identity Management)	Upgrade the cluster to OracleAS Cluster (Identity Management) 10g (10.1.4.0.1)	Section B.5, "Upgrading an OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) Colocated Configuration"
10g Release 2 (10.1.2) Distributed OracleAS Cluster (Identity Management)	Upgrade the distributed Oracle homes to OracleAS Cluster (Identity Management) 10g (10.1.4.0.1)	Section B.6, "Upgrading an OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) Distributed Configuration"
Disaster Recovery	Upgrade the production site and the standby site separately.	"Oracle Application Server Disaster Recovery" in the Oracle Application Server High Availability Guide

The procedures provided in this chapter assume that you used the Oracle Application Server 10g (9.0.4) or 10g Release 2 (10.1.2) installation guide (depending upon the upgrade options you select) to install and configure your high availability configuration and that you have met all of the prerequisites described in the 10g (9.0.4) or 10g Release 2 (10.1.2) installation guide.

For example, the procedure for upgrading your Oracle Application Server Cold Failover Clusters assumes that you have already installed and configured Microsoft Cluster Server (MSCS) and that you have obtained a virtual address to associate with the cluster. A virtual address consists of a virtual hostname and an IP address. Clients access the OracleAS Cold Failover Cluster using the virtual hostname. The virtual address is in addition to each node's own hostname and IP address.

These procedures also assume you are using the seed database that was installed automatically with the 10g (9.0.4) or 10g Release 2 (10.1.2) installation procedure or with the OracleAS RepCA.

See Also:

The Oracle Application Server 10g (9.0.4) installation guide for your platform, which is available as part of the platform-specific documentation library on the Oracle Technology Network:

http://www.oracle.com/technology/documentation/appserver10g.html

The Oracle Application Server 10g Release 2 (10.1.2) installation guide for your platform, which is available as part of the platform-specific documentation library on the Oracle Technology Network:

http://www.oracle.com/technology/documentation/appserver101402.html

B.2 Upgrading an OracleAS Cold Failover Cluster Infrastructure

The following sections describe how to upgrade an OracleAS Cold Failover Cluster infrastructure:

Overview of the OracleAS Cold Failover Cluster Infrastructure Upgrade
Backing Up the Source OracleAS Cold Failover Cluster Infrastructure
Preparing to Upgrade to 10g (10.1.4.0.1) From Node 1
Upgrading to 10g (10.1.4.0.1) From Node 1
Cleaning Up the OracleAS Cold Failover Cluster Infrastructure on Node 1
Configuring the Windows Registry, Oracle Inventory, and Services on Node 2
Special Instructions for Updating Node 2 When Using Asymmetrical Configurations
Using MRUA to Upgrade the OracleAS Metadata Repository from Node 2
Performing Required Post-Upgrade Procedures for the OracleAS Cold Failover Cluster

B.2.1 Overview of the OracleAS Cold Failover Cluster Infrastructure Upgrade

This section provides an outline of the steps you must perform to upgrade your OracleAS Cold Failover Cluster environment to 10g (10.1.4.0.1).

Note that this procedure assumes that your OracleAS Cold Failover Cluster consists of two nodes (Node 1 and Node 2) and a single shared disk that is used by both nodes. The procedure also assumes that you use Microsoft Cluster Administrator to manage the cluster environment.

Table Table B-2 summarizes the major steps in the OracleAS Cold Failover Cluster upgrade process.

Table B-2 Summary of OracleAS Cold Failover Cluster Upgrade Process

Step	Description	Detailed Instructions
1	Back up the existing OracleAS Cold Failover Cluster Infrastructure.	Section B.2.2, "Backing Up the Source OracleAS Cold Failover Cluster Infrastructure"
2	From Node 1, prepare to upgrade the Infrastructure.	Section B.2.3, "Preparing to Upgrade to 10g (10.1.4.0.1) From Node 1"
3	From Node 1, use Oracle Universal Installer to upgrade the Infrastructure on the shared disk to 10g (10.1.4.0.1).	Section B.2.4, "Upgrading to 10g (10.1.4.0.1) From Node 1"
4	From Node 1, clean up the OracleAS Infrastructure upgrade and prepare to update Node 2.	Section B.2.5, "Cleaning Up the OracleAS Cold Failover Cluster Infrastructure on Node 1"
5	From Node 2, configure the Windows registry, Oracle inventory, and required Windows services.	Section B.2.6, "Configuring the Windows Registry, Oracle Inventory, and Services on Node 2"
6	From Node 2, use the Metadata Repository Upgrade Assistant (MRUA) to upgrade the OracleAS Metadata Repository.	Section B.2.8, "Using MRUA to Upgrade the OracleAS Metadata Repository from Node 2"
7	Perform the post-upgrade procedures, which are described in the 10g (10.1.4.0.1) Oracle Application Server Installation Guide.	Section B.2.10, "Performing Required Post-Upgrade Procedures for the OracleAS Cold Failover Cluster"

B.2.2 Backing Up the Source OracleAS Cold Failover Cluster Infrastructure

Before you upgrade the Infrastructure it is important that you perform a full backup of the entire OracleAS Cold Failover Cluster environment. You will use this backup to restore the source Infrastructure later in the upgrade procedure.

Caution:

You must back up the source Infrastructure directories before you start the upgrade process.

Later in the upgrade procedure, you will be asked to restore the directories to their previous state. If a valid backup of the source Infrastructure is not available, you will not be able to complete the upgrade to 10g (10.1.4.0.1).

To backup the OracleAS Cold Failover Cluster infrastructure:

Start the Microsoft Cluster Server (MSCS) Cluster Adminstrator.

Windows 2000: Start > Programs > Administrative Tools > Cluster Administrator

Windows 2003: Start > Administrative Tools > Cluster Administrator

Take the Oracle Application Server resources offline:

In the left pane of Cluster Administrator, expand the Groups folder and select the name of the cluster group that contains your Oracle Application Server resources.

For example, if you named the cluster group as904, then click as904.
In the right pane, take each of the resources shown in Table B-3 offline by right-clicking the resource and then selecting Take Offline from the context menu.

Table B-3 Oracle Application Server Services and Corresponding Cluster Administrator Resources

Service	Format of Service Name	Format of Resource Name
Application Server Control	OracleORACLE_HOMEASControl	OracleORACLE_HOMEASControl
Oracle Process Manager and Notification Server (OPMN)	OracleORACLE_HOMEProcessManager	OracleORACLE_HOMEProcessManager
OracleAS Metadata Repository database	OracleServiceSID	SID
OracleAS Metadata Repository database listener	OracleORACLE_HOMETNSListenerFslvirtual_host_name	OracleORACLE_HOMETNSListenerFslvirtual_host_name

From the Services control panel, check to be sure that the services shown in Table B-3 are stopped.

Display the Services control panel as follows:

Windows 2000: Select Start > Programs > Administrative Tools > Services.

Windows 2003: Select Start > Administrative Tools > Services.

When you are sure all the required services and cluster groups are stopped, back up the Infrastructure by copying the entire Infrastructure directory structure on the shared disk to a new directory.

For example, if the Oracle home for your OracleAS Infrastructure is F:\oracle\as904, then use the following command to backup the entire directory:

copy F:\oracle\as904 G:\backup\as904

Important Notes:

Consider the following before starting the upgrade to 10g (10.1.4.0.1):

The admin and oradata directories associated with the OracleAS Metadata Repository database must be backed up before proceeding with the upgrade procedure. By default, the admin and oradata directories reside inside the Oracle home. However, if you have configured the installation so that these directories and their contents reside outside of the Oracle home, then be sure to back up the admin and oradata database directories as well.
This backup of the Oracle Application Server Cold Failover Clusters Infrastructure directory structure is necessary because you will use these backup directories to restore the previous Infrastructure later in the OracleAS Cold Failover Cluster upgrade procedure.

Use the Windows Services control panel to start all the Infrastructure services shown in Table B-3.

Start the database and listener as follows:

ORACLE_HOME\bin\lsrnctl start
ORACLE_HOME\bin\sqlplus "/ as sysdba"
SQL> startup
SQL> exit

B.2.3 Preparing to Upgrade to 10g (10.1.4.0.1) From Node 1

Use the following procedure to perform the pre-installation steps on Node 1.

Step 1 Be Sure You Have Backed Up the Oracle Application Server Cold Failover Clusters Infrastructure Directories

You must back up the Infrastructure directories as directed in Section B.2.2, "Backing Up the Source OracleAS Cold Failover Cluster Infrastructure" before you start the upgrade process.

Step 2 From Cluster Administrator, Delete the Application Server Resources

In Cluster Administrator, open the application server group and delete each of the resources that you took offline in Section B.2.2, "Backing Up the Source OracleAS Cold Failover Cluster Infrastructure".

The resources include:
- The OracleAS Metadata Repository database (for example, asdb)
- The database listener
- Oracle Process Manager and Notification Server (OPMN)
- Application Server Control
Use Table B-3 to identify the name of each resource, since the resource name is the same as the resource name used in the Services control panel.

To delete a resource, right-click the resource and select Delete from the context menu; then, click Yes in the confirmation prompt.

Step 3 Make Sure that All the Infrastructure Services are Up and Running

From the Services control panel, check to be sure that the services shown in Table B-3 are up and running on Node 1.

Note that in this step, you are starting the Windows services from the Windows operating system. The components have already been removed from Cluster Administrator and are no longer being managed by Microsoft Cluster Server.

Step 4 Verify that a Password File Exists and that the remote_login_passwordfile Parameter is Set to EXCLUSIVE mode

If you are not already using a password file for the OracleAS Metadata Repository database, create one using the ORAPWD command.

For example, if your database data files reside in the Oracle home, and your Oracle home is F:\oracle\as904, you can create a password file in the ORACLE_HOME\database directory called pwdasdb.ora by entering the following command:

ORAPWD FILE=F:\oracle\as904\database\pwdasdb.ora PASSWORD=sys_password

See Also:

"Creating and Maintaining a Password File" in the Oracle Database Administrator's Guide, which is available as part of the Oracle Database Documentation Library on the Oracle Technology Network (OTN):

http://www.oracle.com/technology/documentation/

To check the remote_login_passwordfile database parameter value:

Execute the following SQL command:
```
prompt> sqlplus "sys/sys_password@database_SID as sysdba"
```
In this example, replace sys_password with the password for the database SYS account and replace database_SID with the database system identifier (SID).
Execute the following command in the SQL plus prompt:
```
SQL> show parameter remote_login_passwordfile
```
If the value is set to NONE, then update the init.ora file parameter as follows:
```
remote_login_passwordfile=EXCLUSIVE
```
The init.ora is located on your installation hard drive. For example, if ORACLE_HOME is set to F:\oracle\as904, then the init.ora file would be in the following location:
```
F:\oracle\as904\admin\database_name\pfile\init.ora
```
In the preceding example, replace database_name with the database system identifier (SID).

You must restart the database after making this change to the init.ora file.

B.2.4 Upgrading to 10g (10.1.4.0.1) From Node 1

To upgrade Oracle Application Server Cold Failover Clusters (Infrastructure), you use Oracle Universal Installer. During the installation procedure, you must select Identity Management and Metadata Repository from the Select Installation Type screen. Oracle Universal Installer then locates the existing installation and prompts you to upgrade the existing Infrastructure.

When you upgrade the Infrastructure, Oracle Universal Installer creates a new database for the 10g (10.1.4.0.1) OracleAS Metadata Repository and a new Oracle Internet Directory instance in a new Oracle home on the shared disk.

The new Oracle home is referred to as the destination Oracle home. The existing Oracle home is referred to as the source Oracle home.

The Oracle Universal Installer then upgrades the content and data in the source Oracle home to the 10g (10.1.4.0.1) destination Oracle home.

Stop all the middle tiers that are using the services of the OracleAS Identity Management installation.
Log in to the computer on which instance is installed, as the same operating system user that performed the installation.

Note:
The account you log in to install or upgrade the OracleAS Metadata Repository must be listed as a member of the Administrators group.
Make sure that the OracleAS Metadata Repository database and database listener are up and running.

For example, you can use the Services control panel to verify that the OracleAS Metadata Repository database service and the database listener service are started. Use Table B-3 to locate the name of the database and listener services in the Services control panel.

Make sure the Oracle Internet Directory server is up and running.

To verify that Oracle Internet Directory is running, enter one of the following commands.

Note:

You may have to temporarily set the ORACLE_HOME environment variable to the Oracle Internet Directory Oracle home before running the ldapbind command.

After you verify that the Oracle Internet Directory is running, you must then make sure the ORACLE_HOME environment variable is not defined before you start the 10g (10.1.4.0.1) installer, as described later in this procedure.

If you are running Oracle Internet Directory on a non-secure port:

SOURCE_ORACLE_HOME\bin\ldapbind -p Non-SSL_port -h oid_host_name

If you are running Oracle Internet Directory on a secure port:

SOURCE_ORACLE_HOME\bin\ldapbind -p SSL_port -h oid_host_name -U 1

These commands should return a "bind successful" message.

See Also:

"Syntax for LDIF and Command-Line Tools" in the Oracle Internet Directory Administrator's Guide for more information about the ldapbind utility

Note:

Oracle Internet Directory 10g (9.0.4) allows you to start and stop the directory service using OPMN or the oidctl utility.

Before upgrading an OracleAS Identity Management Oracle home that contains Oracle Internet Directory, start the Oracle Internet Directory instance using the opmnctl utility or the Application Server Control Console. Do not use the oidctl utility; otherwise, Oracle Universal Installer will not be able to start and stop Oracle Internet Directory automatically during the upgrade process.

The correct use of opmnctl and oidctl is described in the Chapter "Oracle Internet Directory Process Control–Best Practices" in the Oracle Internet Directory Administrator's Guide.

Set the required environment variables, as defined in the section "Environment Variables" in the "Requirements" chapter of the Oracle Application Server Installation Guide.

In particular, be sure the following environment variables are not set:
- TNS_ADMIN
- ORACLE_HOME
- ORACLE_SID
If the ORACLE_HOME environment variable was previously set, restart the host computer after unsetting the variable.

The system restart is necessary to clear the ORACLE_HOME variable from the system registry. If you do not restart the computer after clearing the ORACLE_HOME variable, the installation might report an error and prevent you from finishing the installation.
Mount the CD-ROM and start the installer.

See Also:
Oracle Application Server Installation Guide for detailed instructions about starting Oracle Universal Installer on your platform
Refer to Table B-4 for information on the options you should select on each screen.
After the End of Installation screen appears, exit Oracle Universal Installer and then verify that Oracle Internet Directory and Oracle Application Server Single Sign-On are functioning and accessible in the new 10g (10.1.4.0.1) Oracle home.

See Also:
Oracle Application Server Administrator's Guide, Chapter 1, "Accessing the Single Sign-On Server"

Table B-4 Summary of the Oracle Universal Installer Screens During the OracleAS Identity Management Upgrade in a Colocated infrastructure

Screen	Description and Recommended Options to Select
Welcome	Welcomes you to Oracle Universal Installer and the Oracle Application Server installation procedure.
Specify File Locations	Enter a name and path for the new Oracle home. For example, `F:\oracle\as1014`. This new Oracle home will be the destination Oracle home for your Oracle Application Server 10g (10.1.4.0.1) upgrade.
Select a Product to Install	Select OracleAS Infrastructure 10g. If multiple languages are used in the OracleAS Infrastructure you are upgrading, then click Product Languages.
Language Selection	The screen appears only if you clicked Product Languages on the Select a Product to Install screen. If multiple languages are used in the OracleAS Infrastructure you are upgrading, select those languages. If you are not sure which languages were installed, but want languages other than English, click the double arrow button (>>) to select all languages.
Select Installation Type	Select Identity Management and OracleAS Metadata Repository. Note: It is very important that you select the same installation type that is used in the Oracle home you are upgrading.
Upgrade Existing Infrastructure	This screen appears when Oracle Universal Installer detects an existing Oracle Application Server installation of the same type as the one you selected on the Select Installation Type screen. Select the option to upgrade an existing OracleAS Infrastructure, and then select the Oracle home you want to upgrade from the drop-down list. (If there is only one Infrastructure of the selected time on the computer, then the drop-down list is inactive.)
Specify OID Login	Enter the Oracle Internet Directory superuser distinguished name (DN) in the Username field. The superuser DN `cn=orcladmin` is the default for this field; change this value if the Oracle Internet Directory superuser DN is not `cn=orcladmin`. Enter the password for the superuser DN in the Password field.
Specify Infrastructure Database Connection Information	Enter `SYS` in the Username field and the `SYS` user's password in the Password field.
Warning dialog box	This dialog box warns you that all the clients of the OracleAS Metadata Repository database must now be stopped. Oracle Universal Installer will automatically stop any clients within the source Oracle home.^Foot 1 However, you must manually stop any database clients and OracleAS Metadata Repository clients that reside in another Oracle home. Clients of the OracleAS Metadata Repository include: OracleAS Identity Management components that use this OracleAS Metadata Repository. Middle tier instances that use this OracleAS Metadata Repository Within each middle tier that uses this OracleAS Metadata Repository, you must be sure to stop all components, including Oracle HTTP Server and OracleAS Web Cache. For more information, see the chapter "Starting and Stopping " in the Oracle Application Server Administrator's Guide.
Database Listener Warning Dialog Box	If a database listener is running on the host, a warning dialog box displays. Review the dialog box to determine whether or not you need to stop the listener manually. For more information, see "Stopping the Database Listener When Prompted During the OracleAS Identity Management Upgrade".
Specify Instance Name and ias_admin Password	Enter a name for the new Oracle Application Server 10g (10.1.4.0.1) instance and a password for the `ias_admin` Administrator account. You use the `ias_admin` password to log on to Application Server Control Console to manage Oracle Application Server. In general, the minimum length of the `ias_admin` password is five alphanumeric characters. At least one of the characters must be a number and the password cannot start with a number. For more information, see the section "The ias_admin User and Restrictions on its Password" in the Oracle Application Server Installation Guide.
Summary	Use this screen to confirm the choices you've made. Click Install to begin upgrading to the new 10g (10.1.4.0.1) Oracle home.
The Configuration Assistants	After the initial software is installed, a set of configuration assistants automatically set up the components in the new 10g (10.1.4.0.1) Oracle home. Use this screen to follow the progress of each assistant and to identify any problems during this phase of the installation. Notes: The Database Upgrade Assistant (DBUA) can take a significant amount of time to upgrade the database. For more information how long it takes to upgrade your database, see "Planning for System Downtime". While Database Upgrade Assistant is running, do not use the Stop button to interrupt the execution of Database Upgrade Assistant. If you press Stop, the underlying processes for Database Upgrade Assistant will continue to run. Also, Oracle Universal Installer will wait until those processes complete before returning control to the user.
End of Installation	When the installation and upgrade is complete, this screen provides important details about the 10g (10.1.4.0.1) Oracle home, such as the URL for the Application Server Control Console and the location of the `setupinfo.txt` file. After you review the information on this screen, you can exit Oracle Universal Installer and proceed to the post-upgrade tasks.

^Footnote 1You can access a log of the automated shutdown procedure executed by Oracle Universal Installer in the shutdownprocesses.log file, which is located in the cfgtoollogs directory in the destination Oracle home.

B.2.5 Cleaning Up the OracleAS Cold Failover Cluster Infrastructure on Node 1

Use the following steps to clean up the OracleAS Cold Failover Cluster Infrastructure on Node 1 and prepare to update Node 2.

Step 1 Stop the OracleAS Infrastructure Services on Node 1, and Set the Startup Type to Manual

Display the Services window.

Windows 2000: Select Start > Programs > Administrative Tools > Services.

Windows 2003: Select Start > Administrative Tools > Services.
Stop the 10g (10.1.4.0.1) services:
- Oracle<OracleHomeName>ASControl
- Oracle<OracleHomeName>ClientCache
- Oracle<OracleHomeName>ProcessManager
- Oracle<OracleHomeName>TNSListenerFsl<VirtualHostName>
- OracleService<SID>
To stop a service, right-click the service and select Stop from the pop-up menu.
Set the start type of the 10g (10.1.4.0.1) services listed above to manual.
1. Right-click the service, and select Properties.
2. Select Manual from the "Startup Type" section, and click OK.

Step 2 Restart Node 1

When you restart Node 1, the shared disk is moved to Node 2. If an error occurs while adding the database service to Oracle Fail Safe, then restart Node 2 and try adding the database to Oracle Fail Safe again.

B.2.6 Configuring the Windows Registry, Oracle Inventory, and Services on Node 2

After you upgrade the OracleAS Infrastructure on Node 1, the next step in the OracleAS Cold Failover Cluster upgrade procedure is to update Node 2 so that the required Windows registry settings, Oracle inventory entries, and Windows services are available for the OracleAS Cold Failover Cluster.

Step 1 Review Your Options for Updating Node 2

Review the following information to determine whether or not the two nodes of your cluster are symmetrical.

The two nodes of an OracleAS Cold Failover Cluster are symmetrical if they have an identical:

Hardware configuration (for example, the same memory and CPU specifications)
Software configuration (for example, the same operating system version and patch level)
Oracle configuration (for example, the same Oracle products and Oracle homes are installed on both nodes

If the two nodes of your OracleAS Cold Failover Cluster are not symmetrical, then skip the remaining steps in this section and go directly to Section B.2.7, "Special Instructions for Updating Node 2 When Using Asymmetrical Configurations".

Step 2 Export the Oracle Registry Settings From Node 1

From Node 1, select Run from the Windows Start menu, and enter regedit in the resulting text field.
Locate and select the HKEY_LOCAL_MACHINE\SOFTWARE\Oracle entry in the Windows registry.
Select Export Registry File from the Registry menu.
In the resulting dialog box, make sure that the Selected Branch radio button is selected and that the HKEY_LOCAL_MACHINE\SOFTWARE\Oracle branch is selected.
Enter a name for the exported registry file and click Save.

For example, enter oracle_registry_entries.

Step 3 Remove the Database Instance from Node 1

On node 1, run the following command to remove the OracleAS Metadata Repository database instance that you just upgraded:

F:\oracle\as1014\bin> oradim -delete -sid sid

Step 4 Import the Registry Settings into the Windows Registry on Node 2

Log in to Node 2.
Double-click the oracle_registry_entries.reg file you created when you exported the registry entries from Node 1.
When prompted to add the registry entries, click Yes.

Step 5 Create and Start the Required Windows Services for 10g (10.1.4.0.1)

To create the Windows services on Node 2, you can use the SC tool (sc.exe), which is a services control management tool provided by Microsoft.

Note:

Before you use this procedure, make sure that the version of the sc.exe program you are using is version 5.0.2134.1 or later. For more information, refer to the Microsoft Web site.

To use the SC tool to create the required services on Node 2:

Oracle Process Manager and Notification Server (OPMN):

sc create Oracle<home name>ProcessManager
   binPath= "ORACLE_HOME\opmn\bin\opmn.exe -S"

For example:

sc create OracleINFRAProcessManager
   binPath= "C:\oracle\appserv1\opmn\bin\opmn.exe -S"

Oracle Enterprise Manager 10g Application Server Control:

sc create Oracle<home name>ASControl
   binPath= "ORACLE_HOME\bin\nmesrvc.exe"

For example:

sc create OracleINFRAASControl
   binPath= "C:\oracle\appserv1\bin\nmesrvc.exe"

The OracleAS Metadata Repository database listener:

sc create Oracle<home name>TNSListener
   binPath= "ORACLE_HOME\bin\TNSLSNR"

For example:

sc create OracleINFRATNSListener
   binPath= "C:\oracle\appserv1\bin\TNSLSNR"

The OracleAS Metadata Repository database:

sc create OracleService<oracle_sid>
   binPath= "ORACLE_HOME\bin\oracle.exe oracle_sid"

Note that oracle_sid should be in upper case. For example:

sc create OracleServiceORCL
   binPath= "C:\oracle\appserv1\bin\ORACLE.EXE ORCL"

Note:

The service used to manage the Oracle Enterprise Manager 10g Database Control is not included in this procedure because the Database Control is not configured automatically during the upgrade procedure. For more information, refer to "Task 5: Configure Oracle Enterprise Manager 10g Database Control".

Step 6 Copy the Oracle Inventory from Node 1 to Node 2

The Oracle Universal Installer inventory stores information about all Oracle software products installed in all Oracle homes on a host, provided the product was installed using Oracle Universal Installer.

The Oracle inventory information is stored in Extensible Markup Language (XML) format in a single directory structure on the host. The inventory is usually located in the following directory on Windows systems:

C:\Program Files\Oracle\Inventory

You can always find the location of the inventory by selecting the following registry key in the Windows registry and viewing the value of the inst_loc string:

\\HKEY_LOCAL_MACHINE\\Software\Oracle\

To copy the Oracle Inventory to Node 2, select the entire directory (for example, C:\Program Files\Oracle\Inventory) and copy it to the same location on Node 2.

Step 7 Add Required Paths to the PATH Environment Variable

Use the System control panel to add the following to the beginning of the Windows PATH variable:

%ORACLE_HOME%\bin;%ORACLE_HOME%\jlib;

See Also:

The Windows online help for instructions on how to set the PATH variable for your specific Windows platform

Step 8 Skip to Section B.2.8, "Using MRUA to Upgrade the OracleAS Metadata Repository from Node 2"

Unless the nodes of the cluster are asymmetrical, skip Section B.2.7 and go directly to Section B.2.8.

B.2.7 Special Instructions for Updating Node 2 When Using Asymmetrical Configurations

If the two nodes in your OracleAS Cold Failover Cluster are not symmetrical, refer to the following procedures to update the configuration of Node 2.

Step 1 Remove the Database Instance from Node 1

On node 1, run the following command to remove the 10g (10.1.4.0.1) OracleAS Metadata Repository database instance that you just upgraded:

F:\oracle\as1014\bin> oradim -delete -sid sid

Step 2 From Node 1, Delete the 10g (10.1.4.0.1) Oracle Home and Restore the source Oracle Home

On Node 1, delete the 10g (10.1.4.0.1) destination Oracle home from the shard disk.
Delete the source Oracle home from the shared disk.
Restore the Infrastructure directories that you backed up in Section B.2.2, "Backing Up the Source OracleAS Cold Failover Cluster Infrastructure".

For example, copy the following backed up directories described in Step 1 to their original locations:
```
copy G:\backup\as904 F:\oracle\as904
```
Note:
If the oradata and admin directories were stored outside of the Infrastructure source Oracle home, be sure to restore them to their original directories.

Step 3 From Node 2, Start the Source Infrastructure Services

Log in to Node 2 as the same operating system user that performed the source Oracle home installation.

Note:
The account you log in to install or upgrade the OracleAS Metadata Repository must be listed as a member of the Administrators group.
Display the Services window.

Windows 2000: Select Start > Programs > Administrative Tools > Services.

Windows 2003: Select Start > Administrative Tools > Services.
Start the source Oracle home services:
- OracleService<SID>
- Oracle<OracleHomeName>TNSListenerFsl<VirtualHostName>
- Oracle<OracleHomeName>ProcessManager
- Oracle<OracleHomeName>ClientCache
- Oracle<OracleHomeName>ASControl
To start a service, right-click the service and select Start from the pop-up menu.

Step 4 Verify that a Password File Exists and that the remote_login_passwordfile Parameter is Set to EXCLUSIVE mode

If you are not already using a password file for the OracleAS Metadata Repository database, create one using the ORAPWD command.

ORAPWD FILE=F:\oracle\as904\database\pwdasdb.ora PASSWORD=sys_password

See Also:

"Creating and Maintaining a Password File" in the Oracle Database Administrator's Guide

To check the remote_login_passwordfile database parameter value:

Execute the following SQL command:
```
prompt> sqlplus "sys/sys_password@database_SID as sysdba"
```
In this example, replace sys_password with the password for the database SYS account and replace database_SID with the database system identifier (SID).
Execute the following command in the SQL plus prompt:
```
SQL> show parameter remote_login_passwordfile
```
If the value is set to NONE, then update the init.ora file parameter as follows:
```
remote_login_passwordfile=EXCLUSIVE
```
The init.ora is located on your installation hard drive. For example, if ORACLE_HOME is set to F:\oracle\as904, then the init.ora file would be in the following location:
```
F:\oracle\as904\admin\database_name\pfile\init.ora
```
In the preceding example, replace database_name with the database system identifier (SID).

You must restart the database after making this change to the init.ora file.

Step 5 From Node 2, Upgrade the Infrastructure to 10g (10.1.4.0.1)

Make sure that the OracleAS Metadata Repository database and database listener are up and running.

Make sure the Oracle Internet Directory server is up and running.

To verify that Oracle Internet Directory is running, enter one of the following commands.

Note:

You may have to temporarily set the ORACLE_HOME environment variable to the Oracle Internet Directory Oracle home before running the ldapbind command.

If you are running Oracle Internet Directory on a non-secure port:

SOURCE_ORACLE_HOME\bin\ldapbind -p Non-SSL_port -h oid_host_name

If you are running Oracle Internet Directory on a secure port:

SOURCE_ORACLE_HOME\bin\ldapbind -p SSL_port -h oid_host_name -U 1

These commands should return a "bind successful" message.

See Also:

"Syntax for LDIF and Command-Line Tools" in the Oracle Internet Directory Administrator's Guide for more information about the ldapbind utility

Note:

Oracle Internet Directory 10g (9.0.4) allows you to start and stop the directory service using OPMN or the oidctl utility.

The correct use of opmnctl and oidctl is described in the Chapter "Oracle Internet Directory Process Control–Best Practices" in the Oracle Internet Directory Administrator's Guide.

Set the required environment variables, as defined in the section "Environment Variables" in the "Requirements" chapter of the Oracle Application Server Installation Guide.

In particular, be sure the following environment variables are not set:
- TNS_ADMIN
- ORACLE_HOME
- ORACLE_SID
If the ORACLE_HOME environment variable was previously set, restart the host computer after unsetting the variable.

The system restart is necessary to clear the ORACLE_HOME variable from the system registry. If you do not restart the computer after clearing the ORACLE_HOME variable, the installation might report an error and prevent you from finishing the installation.
Mount the CD-ROM and start the installer.

See Also:
Oracle Application Server Installation Guide for detailed instructions about starting Oracle Universal Installer on your platform
Refer to Table B-4 for information on the options you should select on each screen.

Note:
Be sure to select and enter the same instance name, password, and other selected options you used in the previous upgrade that you performed from Node 1.
After the End of Installation screen appears, exit Oracle Universal Installer and then verify that Oracle Internet Directory and Oracle Application Server Single Sign-On are functioning and accessible in the new 10g (10.1.4.0.1) Oracle home.

See Also:
Oracle Application Server Administrator's Guide, Chapter 1, "Accessing the Single Sign-On Server"

Step 6 Restart Node 2

After you have upgraded the Infrastructure and exited Oracle Universal Installer, perform the following procedure:

Restart Node 2.
From Cluster Administrator, move the application server group, including the shared disk, to Node 2.

B.2.8 Using MRUA to Upgrade the OracleAS Metadata Repository from Node 2

Log in to Node 2 and use the procedure in Chapter 8, "Using MRUA to Upgrade the OracleAS Metadata Repository" to upgrade the component schemas in the OracleAS Metadata Repository.

B.2.9 Creating a pfile for the Database

A pfile is a text file that contains the database initialization parameters. Oracle Fail Safe requires a "pfile" for your database. You enter the full path to the pfile in the Parameter File field when you add the database to the group.

To create a pfile:

Create a file called init<SID>.ora in the ORACLE_HOME\database directory.
Populate the file with the following lines:
```
spfile=ORACLE_HOME\database\spfileSID.ora
remote_login_passwordfile=EXCLUSIVE
local_listener="(ADDRESS=(PROTOCOL=TCP)(HOST=Virtual_IP)(PORT=1521))"
```
In this example:
- Replace ORACLE_HOME with the full path of your Oracle home directory.
- Replace SID with the SID of your database.
- Replace Virtual_IP with the virtual IP for the virtual hostname.

B.2.10 Performing Required Post-Upgrade Procedures for the OracleAS Cold Failover Cluster

This section lists the post-upgrade procedures you must perform in order to finish upgrading a OracleAS Cold Failover Cluster on a Windows system.

From Node 2, use the Services control panel to set all the source Infastructure services to Manual startup mode.

These services will be removed later, when you decommission and deinstall the source Oracle homes.
Make sure the "Oracle Services for MSCS" is online.
Perform the following procedures, which are documented in the Oracle Application Server Installation Guide.

In particular, refer to the following sections of that guide:
- Section 12.11.1, "Edit the ORACLE_HOME\Apache\htdocs\index.html File"
- Section 11.12.2, "Make OracleAS Metadata Repository Highly Available"
- Section 11.12.3, "Add the Shared Disk as a Dependency for the Listener"
- Section 11.12.4, "Add the Shared Disk as a Dependency for OPMN"
- Section 11.12.5, "Make OPMN Highly Available"
- Section 11.12.6, "Make Application Server Control Highly Available"
- Section 11.12.7, "Check that the Correct Listener Is Active"
From Node 2, use the Services control panel to set all the upgraded Infastructure services to automatic startup mode.

Use Table B-3 to identify the name of each resource, since the resource name is the same as the resource name used in the Services control panel.
Use the procedure described in "Task 5: Configure Oracle Enterprise Manager 10g Database Control" to configure the Oracle Enterprise Manager 10g Database Control.

B.2.11 Performing Typical OracleAS Identity Management Post-Upgrade Tasks

Besides the post-upgrade tasks specific to configuring an upgraded OracleAS Cold Failover Cluster environment, you must also perform the typical post-upgrade tasks required when upgrading any OracleAS Identity Management environment.

For more information, refer to the following:

B.3 Transforming 10g (9.0.4) Rack-Mounted Identity Management

The following sections describe how to transform a 10g (9.0.4) Rack-Mounted Identity Management environment to OracleAS Cluster (Identity Management):

About Rack-Mounted Identity Management and OracleAS Cluster (Identity Management)
Task 1: Review the Requirements for Transforming the 10g (9.0.4) Rackmounted Identity Management
Task 2: Upgrade the Database That Hosts the OracleAS Metadata Repository
Task 3: If Necessary, Upgrade Any Middle Tiers That Use the OracleAS Metadata Repository
Task 4: Upgrade the First OracleAS Identity Management Instance
Task 5: Use the Metadata Repository Upgrade Assistant to Upgrade the Component Schemas in the OracleAS Metadata Repository
Task 6: Install Subsequent OracleAS Cluster (Identity Management) Instances
Task 7: Verify the Upgrade and Decommission the 10g (9.0.4) Oracle Homes

B.3.1 About Rack-Mounted Identity Management and OracleAS Cluster (Identity Management)

Following the release of Oracle Application Server 10g (9.0.4), a procedure was released for deploying multiple Identity Management instances against one Infrastructure Metadata Repository. This procedure was released in the form of a whitepaper titled Highly Available Identity Management example - Rack Mounted Identity Management and it was made available to customers on the Oracle Technology Network (OTN) at:

http://www.oracle.com/technology/products/ias/hi_av/index.html

Note that the link to the whitepaper on OTN might actually be shown as Highly Available Identity Management Deployment Example - Multi-box Identity Management.

Starting with the release of Oracle Application Server 10g Release 2 (10.1.2), an "out-of-the-box" Multiple Identity Management solution is now available. This configuration is known as OracleAS Cluster (Identity Management).

See Also:

"Installing in High Availability Environments: OracleAS Cluster (Identity Management)" in the Oracle Application Server Installation Guide

The following sections provide step-by-step instructions for customers who wish to upgrade their 10g (9.0.4) Multiple Identity Management deployment to an OracleAS Clusters (Identity Management) 10g (10.1.4.0.1) deployment.

The testing and steps provided in this document are based upon an OracleAS Identity Management implementation deployed on RedHat Linux 3.0. The steps provided in this document, however, apply to any Unix platform.

B.3.2 Task 1: Review the Requirements for Transforming the 10g (9.0.4) Rackmounted Identity Management

The following sections describe the requirements you must meet in order to transform your highly available environment from 10g (9.0.4) Rack-Mounted Identity Management to OracleAS Cluster (Identity Management):

OracleAS Identity Management Configuration Requirements
Requirements for Colocated Versus Distributed OracleAS Identity Management
OracleAS Metadata Repository Storage Requirements
OracleAS Cluster (Identity Management) Backup Requirements

B.3.2.1 OracleAS Identity Management Configuration Requirements

Before you use this procedure, you must consider the following configuration requirements:

You must have followed the exact set of steps outlined in the paper Highly Available Identity Management example - Rack Mounted Identity Management
The Identity Management instances you are upgrading must be 10g (9.0.4) intances; previous releases of OracleAS are not supported for this configuration.
The Metadata Repository must have been created in an Oracle9i Release 2 (9.2.0.1) or greater database, using the 10g (9.0.4) OracleAS RepCA (MRCA).

B.3.2.2 Requirements for Colocated Versus Distributed OracleAS Identity Management

OracleAS Identity Management consists of components that can also be installed separately:

Oracle Internet Directory (OID)
OracleAS Single Sign-On (SSO)
Oracle Delegated Administration Services (DAS)
Oracle Directory Integration Platform (DIP)

This procedure does not include support for Oracle Application Server Certificate Authority (OCA).

In this procedure, the primary focus is on installations where all Identity management components are installed in one Oracle home. This is known as a colocated OracleAS Infrastructure, which includes Oracle Internet Directory, Oracle Delegated Administration Services, and OracleAS Single Sign-On, all installed within the same Oracle home.

To upgrade a distributed OracleAS Identity Management configuration where the Identity Management components are separated into two tiers, see Section B.4, "Transforming a Distributed 10g (9.0.4) Rack-Mounted Identity Management Environment". Such a configuration might be required, for example, where an organization needs the OracleAS Single Sign-On and Oracle Delegated Administration Services components running in a the DMZ and the Oracle Internet Directory running on the internal network inside the firewall.

B.3.2.3 OracleAS Metadata Repository Storage Requirements

This procedure assumes the database that hosts the OracleAS Metadata Repository is an Oracle Real Application Clusters (RAC) Database. Specifically, the procedure described in this section was tested on a two-node RAC environment. However, it is assumed that this procedure also applies to:

A single-instance database
A Real Application Clusters database consisting of more than two nodes

The requirement for Real Application Clusters is a shared-storage configuration. The implementation of the shared volume is vendor-specific. The procedures in this section should be applicable to all Operating systems and clusters but were developed and tested in a Linux environment. Specifically, the following shared storage options are supported:

Raw devices
Cluster filesystem (for example, OCFS on Linux)
Network filesystem (for example, supported NAS devices)

Although cluster and volume management software is vendor-specific, the steps and considerations provided in this section apply specifically to customers wishing to optionally implement Oracle's Automated Storage Management (ASM).

B.3.2.4 OracleAS Cluster (Identity Management) Backup Requirements

Before you begin this transformation procedure, take a complete, full software backup of everything in the Oracle Home and related directories for the OracleAS Metadata Repository and the OracleAS Identity Management instances.

In addition, shut down all processes and perform a full cold database backup of the middle tiers and Infrastructure Oracle homes.

B.3.3 Task 2: Upgrade the Database That Hosts the OracleAS Metadata Repository

Before you can upgrade to OracleAS Cluster (Identity Management), you must upgrade the database that hosts the OracleAS Metadata Repository to a supported database.

For detailed instructions on upgrading the database that hosts the OracleAS Metadata Repository, see Chapter 6, "Upgrading the Database That Hosts the OracleAS Metadata Repository".

Note:

When applying database patchsets, be sure to carefully review the patchset README for your specific platform. The instructions for installing patchsets can vary significantly from platform to platform. For example, some platforms, such as Linux, might require you to install a specific version of Oracle Universal Installer before proceeding with the patchset installation.

B.3.4 Task 3: If Necessary, Upgrade Any Middle Tiers That Use the OracleAS Metadata Repository

There are certain upgrade scenarios where you might have to upgrade any 10g (9.0.4) middle tiers in your Oracle Application Server environment to 10g Release 2 (10.1.2).

For more information, refer to Chapter 5, "Upgrading 10g (9.0.4) Middle Tiers to 10g Release 2 (10.1.2)".

B.3.5 Task 4: Upgrade the First OracleAS Identity Management Instance

After the database that hosts the OracleAS Metadata Repository has been upgraded to a supported version, and after any middle tiers have been upgraded to 10g Release 2 (10.1.2), you can now upgrade the first OracleAS Identity Management Oracle home in the Rack-Mounted Identity Management configuration.

When you upgrade the first OracleAS Identity Management Oracle home, you also upgrade the OracleAS Identity Management schemas in the OracleAS Metadata Repository.

Note that in an OracleAS Cluster (Identity Management), the Identity Management instances are clustered together in a Distributed Configuration Management (DCM) Cluster. This ensures synchronization between the configurations of the different Identity Management components on all of the Identity Management instances.

To upgrade the first OracleAS Identity Management Oracle home, use the following steps.

Make sure that the other OracleAS Identity Management Instances in the Rack-Mounted Identity Management environment are down.

Only the OracleAS Identity Management instance that you are upgrading first should be up and running. If necessary, shut down the other OracleAS Identity Management instances.
Configure the Load Balancer to direct traffic only to the OracleAS Identity Management instance you are about to upgrade

All Requests should be directed only to the OracleAS Identity Management instance you are about to upgrade. The other OracleAS Identity Management instances in the Rack-Mounted Identity Management environment should be shut down.
Use the Oracle Application Server 10g (10.1.4.0.1) installation procedure to upgrade the OracleAS Identity Management instance.

Refer to Chapter 7, "Using Oracle Universal Installer to Upgrade Oracle Identity Management" for complete instructions on upgrading the first OracleAS Identity Management Oracle home.
Perform any post-upgrade procedures that apply to your OracleAS Identity Management environment.

Refer to Chapter 9, "Component-Specific Post-Upgrade Procedures" for more information.
Perform the steps described in Section B.5.4.3.3, "Configuration Steps When Oracle HTTP Server and the Load Balancer are Not Using SSL".
Create a Distributed Configuration Management (DCM) cluster that the other OracleAS Identity Management instances can join:
1. Enter the DCM command-line shell:
```
ORACLE_HOME\dcm\bin\dcmctl shell
```
2. Create a new Cluster:
```
DCM> createcluster -cl IMcluster
```
  In this example, IMCluster is the name you assign to the cluster.
3. Join the DCM cluster as the first instance:
```
DCM> joincluster -cl IMcluster
```
  At this point the instance will be stopped.
4. Restart the instance:
```
opmnctl startall
```
  A new cluster has now been created with the upgraded IM instance as its sole member.
Perform the steps described in Section B.5.4.4, "Task 4d: Finish the Upgrade of the First OracleAS Identity Management Instance".

B.3.6 Task 5: Use the Metadata Repository Upgrade Assistant to Upgrade the Component Schemas in the OracleAS Metadata Repository

Make sure that the OracleAS Identity Management instance (including Oracle Internet Directory) that you upgraded in Section B.3.5, "Task 4: Upgrade the First OracleAS Identity Management Instance" is up and running.

If it is not running, start the Identity Management instance (including Oracle Internet Directory) as follows:
```
ORACLE_HOME/opmn/bin/opmnctl startall
```
Upgrade the Metadata Repository in the newly upgraded database as described in Chapter 8, "Using MRUA to Upgrade the OracleAS Metadata Repository", with the following exception:

On the MRUA command line, enter the address of the load balancer in place of the oid_host and oid_ssl_port arguments.

Note that the values you enter for the -oid_host argument and -oid_ssl_port arguments must match the value of the corresponding properties defined in following configuration file in the Identity Management Oracle home:
```
IDENTITY_MANAGEMENT_HOME/config/ias.properties
```
For example:
```
OIDhost=sys42.acme.com
OIDsslport=636
```
When MRUA finishes processing, verify that the schemas have been upgraded, as described in Section 8.3, "Task 3: Verify the Success of the OracleAS Metadata Repository Upgrade".
Complete the OracleAS Metadata Repository upgrade using the instructions in the section, Section 9.4, "Task 4: Perform OracleAS Portal Post-Upgrade Steps".

B.3.7 Task 6: Install Subsequent OracleAS Cluster (Identity Management) Instances

After you upgrade the first OracleAS Identity Management instance in the cluster, and after you upgrade the OracleAS Metadata Repository, you can then install the additional OracleAS Identity Management instances in the OracleAS Cluster (Identity Management):

Make sure that the Oracle Internet Directory is up and running on the first OracleAS Identity Management instance.
Make sure that the OracleAS Metadata Repository database and listener are up and running.
Make sure that the Load Balancer is configured to direct traffic only to the first Identity Management instance.
Install the new 10g (10.1.4.0.1) OracleAS Identity Management Oracle home by following the instructions in the section "Installing OracleAS Cluster (Identity Management) on Subsequent Nodes," in the Oracle Application Server Installation Guide.
Reconfigure Load Balancer and test the installation.

After a successful installation of the subsequent OracleAS Identity Management Oracle home, configure the Load Balancer to route requests to the new instance.
Repeat this procedure for any additional and subsequent OracleAS Identity Management installations that will be part of the cluster.

B.3.8 Task 7: Verify the Upgrade and Decommission the 10g (9.0.4) Oracle Homes

After you have upgraded the first Oracle Identity Management instance in the cluster and you have added the remaining cluster members, you can then verify that the upgrade was successful and then decommission the 10g (9.0.4) Oracle homes.

For more information, refer to Chapter 10, "Verifying the Upgrade and Decommissioning the Source Oracle Homes".

B.4 Transforming a Distributed 10g (9.0.4) Rack-Mounted Identity Management Environment

In a distributed Rack-Mounted Identity Management environment, the Oracle Internet Directory is installed in a separate Oracle home from the other OracleAS Identity Management components.

The procedure for transforming distributed Rack-Mounted Identity Management components is the same as that for transforming a colocated Rack-Mounted Identity Management installation, except for the following exceptions. The following steps summarize the distributed transformation procedure:

Table B-5 Summary of the Steps for Transforming a Distributed Rack-Mounted Identity Management Environment to OracleAS Cluster (Identity Management)

Task No.	Description	More Information
1	Review the requirements for transforming Rack-Mounted Identity Management.	Section B.3.2, "Task 1: Review the Requirements for Transforming the 10g (9.0.4) Rackmounted Identity Management"
2	Upgrade the database that hosts the OracleAS Metadata Repository.	Section B.3.3, "Task 2: Upgrade the Database That Hosts the OracleAS Metadata Repository"
3	If necessary, upgrade any 10g (9.0.4) middle tiers.	Section B.3.4, "Task 3: If Necessary, Upgrade Any Middle Tiers That Use the OracleAS Metadata Repository"
4	Upgrade the first Oracle Internet Directory Oracle home.	Steps 1 through 4 of Section B.3.5, "Task 4: Upgrade the First OracleAS Identity Management Instance"
5	Upgrade the first OracleAS Single Sign-On Oracle home.	Steps 1 through 4 of Section B.6.5, "Task 5: Upgrade the First OracleAS Single Sign-On Oracle Home"
6	Create a Distributed Configuration Management (DCM) cluster for the OracleAS Single Sign-On instances.	Step 6 of Section B.3.5, "Task 4: Upgrade the First OracleAS Identity Management Instance".
7	Configure Oracle HTTP Server and OracleAS Single Sign-On in the OracleAS Single Sign-On Oracle home.	Section B.5.4.3.3, "Configuration Steps When Oracle HTTP Server and the Load Balancer are Not Using SSL"
8	Finish the upgrade of the first OracleAS Single Sign-On instance.	Section B.5.4.4, "Task 4d: Finish the Upgrade of the First OracleAS Identity Management Instance"
9	Use the Metadata Repository Upgrade Assistant to Upgrade the Component Schemas in the OracleAS Metadata Repository	Section B.3.6, "Task 5: Use the Metadata Repository Upgrade Assistant to Upgrade the Component Schemas in the OracleAS Metadata Repository"
10	Install Subsequent OracleAS Cluster (Identity Management) Instances	Section B.3.7, "Task 6: Install Subsequent OracleAS Cluster (Identity Management) Instances"
11	Verify the Upgrade and Decommission the 10g (9.0.4) Oracle Homes	Section B.3.8, "Task 7: Verify the Upgrade and Decommission the 10g (9.0.4) Oracle Homes"

B.5 Upgrading an OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) Colocated Configuration

A colocated OracleAS Identity Management installation includes all the OracleAS Identity Management components in each Oracle home. Compare the procedures in this section with those in Section B.6, "Upgrading an OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) Distributed Configuration".

The following sections describe how to upgrade a colocated 10g Release 2 (10.1.2) OracleAS Cluster (Identity Management) environment to 10g (10.1.4.0.1).

Task 1: Review the OracleAS Cluster (Identity Management) Upgrade Requirements
Task 2: Upgrade the Database That Hosts the OracleAS Metadata Repository
Task 3: If Necessary, Upgrade any 10g (9.0.4) Middle Tiers to 10g Release 2 (10.1.2.0.2)
Task 4: Upgrade the First OracleAS Identity Management Instance
Task 5: Using Metadata Repository Upgrade Assistant to Upgrade the Component Schemas in the OracleAS Metadata Repository
Task 6: Installing Subsequent OracleAS Cluster (Identity Management) Instances
Task 7: Verify the Upgrade and Decommission the 10g Release 2 (10.1.2) Oracle Homes

B.5.1 Task 1: Review the OracleAS Cluster (Identity Management) Upgrade Requirements

The following sections describe the requirements you must meet in order to upgrade your 10g Release 2 (10.1.2) colocated OracleAS Cluster (Identity Management) configuration to OracleAS Cluster (Identity Management) 10g (10.1.4.0.1):

OracleAS Identity Management Configuration Requirements
Requirements for Colocated Versus Distributed OracleAS Identity Management
OracleAS Metadata Repository Storage Requirements
OracleAS Cluster (Identity Management) Backup Requirements

B.5.1.1 OracleAS Identity Management Configuration Requirements

Before you use this procedure, note that the Identity Management instances you are upgrading must be 10g Release 2 (10.1.2) intances that were installed using the procedures documented in "Installing in High Availability Environments: OracleAS Cluster (Identity Management)" in the 10g Release 2 (10.1.2) Oracle Application Server Installation Guide.

B.5.1.2 Requirements for Upgrading a Colocated OracleAS Cluster (Identity Management) Configuration

OracleAS Identity Management consists of components that can also be installed separately:

Oracle Internet Directory (OID)
OracleAS Single Sign-On (SSO)
Oracle Delegated Administration Services (DAS)
Oracle Directory Integration Platform (DIP)

This procedure does not include support for Oracle Application Server Certificate Authority (OCA).

This procedure describes how to upgrade installations where all Identity management components are installed in each Oracle home. This is known as a colocated OracleAS Infrastructure, where Oracle Internet Directory, Oracle Delegated Administration Services, Oracle Directory Integration Platform, and OracleAS Single Sign-On are installed within the same Oracle home.

See Also:

Section B.6, "Upgrading an OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) Distributed Configuration" for information about upgrading a distributed OracleAS Identity Management configuration.

Figure B-1 shows a typical colocated OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) environment.

Figure B-1 10g Release 2 (10.1.2) Colocated OracleAS Cluster (Identity Management) Upgrade Starting Point

Description of "Figure B-1 10g Release 2 (10.1.2) Colocated OracleAS Cluster (Identity Management) Upgrade Starting Point"

B.5.1.3 OracleAS Cluster (Identity Management) Backup Requirements

Before you begin this procedure, perform a complete, full software backup of everything in the Oracle Home and related directories for the OracleAS Metadata Repository and the OracleAS Identity Management instances.

In addition, shut down all processes and perform a full cold database backup of the middle tiers and Infrastructure Oracle homes.

B.5.2 Task 2: Upgrade the Database That Hosts the OracleAS Metadata Repository

Before you can upgrade to OracleAS Cluster (Identity Management), you must upgrade the database that hosts the OracleAS Metadata Repository to a supported database.

For detailed instructions on upgrading the database that hosts the OracleAS Metadata Repository, see Chapter 6, "Upgrading the Database That Hosts the OracleAS Metadata Repository".

Note:

B.5.3 Task 3: If Necessary, Upgrade any 10g (9.0.4) Middle Tiers to 10g Release 2 (10.1.2.0.2)

There are certain upgrade scenarios where you might have to upgrade any 10g (9.0.4) middle tiers in your Oracle Application Server environment to 10g Release 2 (10.1.2).

For more information, refer to Chapter 5, "Upgrading 10g (9.0.4) Middle Tiers to 10g Release 2 (10.1.2)".

B.5.4 Task 4: Upgrade the First OracleAS Identity Management Instance

When you upgrade the first OracleAS Identity Management Oracle home, you also upgrade the OracleAS Identity Management schemas in the OracleAS Metadata Repository.

Note that in a colocated OracleAS Cluster (Identity Management), all the OracleAS Identity Management instances are clustered in a Distributed Configuration Management (DCM) Cluster. This ensures synchronization between the configurations of the different Identity Management components on all of the Identity Management instances.

To upgrade the first OracleAS Identity Management Oracle home, refer to the following sections:

Task 4a: Prepare For and Perform the Upgrade
Task 4b: Reconfigure the DCM Cluster
Task 4c: Configure Oracle HTTP Server and OracleAS Single Sign-On
Task 4d: Finish the Upgrade of the First OracleAS Identity Management Instance

B.5.4.1 Task 4a: Prepare For and Perform the Upgrade

Use the following steps to upgrade the first OracleAS Identity Management instance in the OracleAS Cluster (Identity Management) environment:

Make sure that the other OracleAS Identity Management Instances in the environment are down.

Only the OracleAS Identity Management instance that you are upgrading first should be up and running. If necessary, shut down the other OracleAS Identity Management instances.
Configure the Load Balancer to direct traffic only to the OracleAS Identity Management instance you are about to upgrade.

All Requests should be directed only to the OracleAS Identity Management instance you are about to upgrade. The other OracleAS Identity Management instances in the environment should be shut down.
Use the Oracle Universal Installer and the Oracle Application Server 10g (10.1.4.0.1) installation procedure to upgrade the OracleAS Identity Management instance.

Refer to Chapter 7, "Using Oracle Universal Installer to Upgrade Oracle Identity Management" for complete instructions on upgrading the first OracleAS Identity Management instance.
Perform any post-upgrade procedures that apply to the Oracle Internet Directory Oracle home.

Refer to Section 9.2, "Task 2: Perform Oracle Internet Directory Post-Upgrade Steps" for more information.

B.5.4.2 Task 4b: Reconfigure the DCM Cluster

Use the following steps to reconfigure the cluster and to prepare for installing the remaining OracleAS Identity Management instances:

Remove the OracleAS Identity Management 10g Release 2 (10.1.2) instances from the cluster:
1. Start the Distributed Configuration Management (DCM) shell:
```
DESTINATION_ORACLE_HOME/dcm/bin/dcmctl shell
```
2. Display a list of the currently defined clusters:
```
DCM> listclusters
```
3. Note the name of the OracleAS Cluster (Identity Management) and then list the OracleAS Identity Management instances that are members of the cluster:
```
DCM> listInstances -cl name_of_Identity_Management_cluster
```
4. For each OracleAS Identity Management instance in the cluster, enter the following command:
```
DCM> leavecluster -i 1012_instance_name
```
Add the newly upgraded Oracle Identity Management 10g (10.1.4.0.1) instance to the cluster:
1. Join the cluster using the following command:
```
DCM> joincluster -cl name_of_Identity_Management_cluster
```
  Note that the joincluster command stops the 10g (10.1.4.0.1) instance and all of its processes.
2. Start the Oracle Identity Management 10g (10.1.4.0.1) instance:
```
DESTINATION_ORACLE_HOME\opmn\bin\opmnctl stopall
DESTINATION_ORACLE_HOME\opmn\bin\opmnctl startall
```

B.5.4.3 Task 4c: Configure Oracle HTTP Server and OracleAS Single Sign-On

Use the following steps to configure Oracle HTTP Server, OracleAS Single Sign-On, and OPMN after you have upgraded the first OracleAS Identity Management instance.

The steps you follow to configure these components vary, depending upon whether or not you have configured Oracle HTTP Server or your load balancer to accept HTTPS requests.

Refer to the following sections for more information:

Configuration Steps When Both Oracle HTTP Server and the Load Balancer Are Configured for SSL
Configuration Steps When Only the Load Balancer Is Configured for SSL
Configuration Steps When Oracle HTTP Server and the Load Balancer are Not Using SSL

B.5.4.3.1 Configuration Steps When Both Oracle HTTP Server and the Load Balancer Are Configured for SSL

The following steps apply if both the Oracle HTTP Server and the load balancer are configured to listen for the HTTPS protocol;

Configure the Oracle HTTP Server listener as follows:
1. Edit the following Oracle HTTP Server configuration file:
```
DESTINATION_ORACLE_HOME\Apache\Apache\conf\ssl.conf
```
2. Make sure that the ServerName directive is set to the virtual host (for example, imhost.domain.com) and not to the physical host.
3. Save and close the ssl.conf configuration file.
4. Update DCM to recognize the changes made to the Oracle HTTP Server component using the following command:
```
DESTINATION_ORACLE_HOME\dcm\bin\dcmctl updateConfig -ct ohs -d -v
```
Configure OracleAS Single Sign-On to accept authentication requests on the SSL port over the HTTPS protocol by using the following command:
```
ORACLE_HOME\sso\bin\ssocfg.bat https imhost.domain.com 4444
```
In this example:
- imhost.domain.com is the address configured at the load balancer for HTTPS requests.
- The default HTTPS Listener port is 4444, but this port may differ for your specific installation. You can obtain the correct value for your installation by examining the assigned to the "port" variable in the ssl.conf configuration file.

Edit the OPMN configuration file to enable SSL for the Oracle HTTP Server:

Locate and open the following OPMN configuration file with a text editor:
```
DESTINATION_ORACLE_HOME\opmn\conf\opmn.xml
```

Locate the following entry for the HTTP_Server component:

<ias-component id="HTTP_Server">
   <process-type id="HTTP_Server" module-id="OHS">
      <module-data>
         <category id="start-parameters">
             <data id="start-mode" value="ssl-disabled"/>
         </category>
      </module-data>
      <process-set id="HTTP_Server" numprocs="1"/>
   </process-type>
</ias-component>

Change the value of the start-mode entry to ssl-enabled.

The resulting entry in the opmn.xml file should appear as follows:

<ias-component id="HTTP_Server">
   <process-type id="HTTP_Server" module-id="OHS">
      <module-data>
         <category id="start-parameters">
             <data id="start-mode" value="ssl-enabled"/>
         </category>
      </module-data>
      <process-set id="HTTP_Server" numprocs="1"/>
   </process-type>
</ias-component>

Re-register the instance with OracleAS Single Sign-On:

Set the ORACLE_HOME environment variable to the new 10g Release 2 (10.1.2) OracleAS Single Sign-On Oracle home, as follows:
```
set ORACLE_HOME=oracle_home_path
```
For example:
```
set ORACLE_HOME=C:\ORACLE\product\IM_1014
```
Run the following command to re-register the instance with OracleAS Single Sign-On:
```
ORACLE_HOME\sso\bin\ssoreg.bat
    -oracle_home_path orcl_home_path
    -site_name instance_name_you_specified_during_upgrade
    -config_mod_osso TRUE
    -mod_osso_url effective_URL_of_the_partner_application
    -u userid 
```
In this example:
- The effective_URL_of_the_partner_application is in this URL format:
```
http://virtual_servername:ssl_port
```
- Replace userid with the Oracle owner.
Note that at this point in the procedure, the upgraded OracleAS Identity Management Oracle home should be a fully working 10g (10.1.4.0.1) OracleAS Identity Management instance running against the OracleAS Metadata Repository database. The load balancer is still pointing to only this new, upgraded instance.
Change the Oracle Delegated Administration Services orcldasurlbase attribute in the directory server, using the following steps:
1. Start Oracle Directory Manager (oidadmin) and connect to the Oracle Internet Directory.
  
  The oidadmin tool is located in the following directory in the destination Oracle home:
```
DESTINATION_ORACLE_HOME\bin\
```
  Make sure you select the SSL Enabled check box when connecting to the directory server.
2. In the System Objects Navigator, navigate to the cn=OperationURLs entry as follows:
```
Entry Management ->
  cn=OracleContext ->
     cn=Products -> 
        cn=DAS -> 
           cn=OperationURLs
```
3. After you select the cn=OperationURLs entry, locate the orcldasurl attribute on the Properties tab in the right pane of the Oracle Directory Manager window.
4. Change the orcldasurlbase attribute so it references the SSL URL for the Oracle Delegated Administration Services:
```
https://virtual_server_name:load_balancer_ssl_listen_port
```

B.5.4.3.2 Configuration Steps When Only the Load Balancer Is Configured for SSL

The following steps apply if both the Oracle HTTP Server and the load balancer are configured to listen for the HTTPS protocol:

Configure the Oracle HTTP Server listener as follows:
1. Use a text editor to locate and open the following Oracle HTTP Server configuration file:
```
DESTINATION_ORACLE_HOME\Apache\Apache\conf\httpd.conf
```
2. Make sure that the ServerName directive is set to the virtual host (for example, imhost.domain.com) and not to the physical host.
3. Save and close the httpd.conf configuration file.
4. Update DCM to recognize the changes made to the Oracle HTTP Server component using the following command:
```
DESTINATION_ORACLE_HOME\dcm\bin\dcmctl updateConfig -ct ohs -d -v
```
Configure OracleAS Single Sign-On to accept authentication requests on the SSL port over the HTTPS protocol by using the following command:
```
ORACLE_HOME\sso\bin\ssocfg.bat https imhost.domain.com 4444
```
In this example:
- imhost.domain.com is the virtual host address configured at the load balancer for HTTPS requests.
- The default HTTPS Listener port is 4444, but this port may differ for your specific installation. You can obtain the correct value for your installation by examining the assigned to the "port" variable in the ssl.conf configuration file.
Re-register the instance with OracleAS Single Sign-On:

Set the ORACLE_HOME environment variable to the new 10g Release 2 (10.1.2) OracleAS Single Sign-On Oracle home, as follows:
```
set ORACLE_HOME=oracle_home_path
```
For example:
```
set ORACLE_HOME=C:\ORACLE\product\IM_1014
```
Run the following command to re-register the instance with OracleAS Single Sign-On:
```
ORACLE_HOME\sso\bin\ssoreg.bat
    -oracle_home_path orcl_home_path
    -site_name instance_name_you_specified_during_upgrade
    -config_mod_osso TRUE
    -mod_osso_url effective_URL_of_the_partner_application
    -u userid 
```
In this example:
- The effective_URL_of_the_partner_application is in this URL format:
```
http://virtual_servername:load_blancer_ssl_port
```
- Replace userid with the Oracle owner.
Note that at this point in the procedure, the upgraded OracleAS Identity Management Oracle home should be a fully working 10g (10.1.4.0.1) OracleAS Identity Management instance running against the OracleAS Metadata Repository database. The load balancer is still pointing to only this new, upgraded instance.
Change the Oracle Delegated Administration Services orcldasurlbase attribute in the directory server, using the following steps:
1. Start Oracle Directory Manager (oidadmin) and connect to the Oracle Internet Directory.
  
  The oidadmin tool is located in the following directory in the destination Oracle home:
```
DESTINATION_ORACLE_HOME\bin\
```
  Make sure you select the SSL Enabled check box when connecting to the directory server.
2. In the System Objects Navigator, navigate to the cn=OperationURLs entry as follows:
```
Entry Management ->
  cn=OracleContext ->
     cn=Products -> 
        cn=DAS -> 
           cn=OperationURLs
```
3. After you select the cn=OperationURLs entry, locate the orcldasurl attribute on the Properties tab in the right pane of the Oracle Directory Manager window.
4. Change the orcldasurlbase attribute so it references the SSL URL for the Oracle Delegated Administration Services:
```
https://virtual_server_name:load_balancer_ssl_listen_port
```

B.5.4.3.3 Configuration Steps When Oracle HTTP Server and the Load Balancer are Not Using SSL

The following steps apply if both the Oracle HTTP Server and the load balancer are configured to listen for the HTTPS protocol;

Configure the Oracle HTTP Server listener as follows:
1. Use a text editor to locate and open the following Oracle HTTP Server configuration file:
```
DESTINATION_ORACLE_HOME\Apache\Apache\conf\httpd.conf
```
2. Make sure that the ServerName directive is set to the virtual host (for example, imhost.domain.com) and not to the physical host.
3. Save and close the httpd.conf configuration file.
4. Update DCM to recognize the changes made to the Oracle HTTP Server component using the following command:
```
DESTINATION_ORACLE_HOME\dcm\bin\dcmctl updateConfig -ct ohs -d -v
```
Configure OracleAS Single Sign-On to accept authentication requests on the SSL port over the HTTPS protocol by using the following command:
```
ORACLE_HOME\sso\bin\ssocfg.bat http imhost.domain.com 7777
```
In this example:
- imhost.domain.com is the address configured at the load balancer for HTTP requests.
- The default HTTP Listener port is 7777, but this port may differ for your specific installation. You can obtain the correct value for your installation by examining the assigned to the "port" variable in the httpd.conf configuration file.
Re-register the instance with OracleAS Single Sign-On:

Set the ORACLE_HOME environment variable to the new 10g Release 2 (10.1.2) OracleAS Single Sign-On Oracle home, as follows:
```
set ORACLE_HOME=oracle_home_path
```
For example:
```
set ORACLE_HOME=C:\ORACLE\product\IM_1014
```
Run the following command to re-register the instance with OracleAS Single Sign-On:
```
ORACLE_HOME\sso\bin\ssoreg.bat
    -oracle_home_path orcl_home_path
    -site_name instance_name_you_specified_during_upgrade
    -config_mod_osso TRUE
    -mod_osso_url effective_URL_of_the_partner_application
    -u userid 
```
In this example:
- The effective_URL_of_the_partner_application is in this URL format:
```
http://virtual_servername:load_balancer_port
```
- Replace userid with the Oracle owner.
Note that at this point in the procedure, the upgraded OracleAS Identity Management Oracle home should be a fully working 10g (10.1.4.0.1) OracleAS Identity Management instance running against the OracleAS Metadata Repository database. The load balancer is still pointing to only this new, upgraded instance.
Change the Oracle Delegated Administration Services orcldasurlbase attribute in the directory server, using the following steps:
1. Start Oracle Directory Manager (oidadmin) and connect to the Oracle Internet Directory.
  
  The oidadmin tool is located in the following directory in the destination Oracle home:
```
DESTINATION_ORACLE_HOME\bin\
```
2. In the System Objects Navigator, navigate to the cn=OperationURLs entry as follows:
```
Entry Management ->
  cn=OracleContext ->
     cn=Products -> 
        cn=DAS -> 
           cn=OperationURLs
```
3. After you select the cn=OperationURLs entry, locate the orcldasurl attribute on the Properties tab in the right pane of the Oracle Directory Manager window.
4. Change the orcldasurlbase attribute so it references the URL for the Oracle Delegated Administration Services:
```
http://virtual_server_name:load_balancer_non_ssl_listen_port
```

B.5.4.4 Task 4d: Finish the Upgrade of the First OracleAS Identity Management Instance

Perform the following steps to finish the upgrade of the first OracleAS Identity Management instance in the OracleAS Cluster (Identity Management) environment:

Enable the monitoring of the instance by Oracle Enterprise Manager Application Server Control by following the instructions in Section 9.1.2.1, "Enabling Monitoring of OracleAS Single Sign-On and Oracle Delegated Administration Services in Application Server Control".
Update the mod_oc4j load balancing directive in the destination Oracle home:
1. Locate and open the following configuration file with a text editor:
```
DESTINATION_ORACLE_HOME\Apache\Apache\mod_oc4j.conf
```
2. Within the mod_oc4j.conf file, add the following line before the </IfModule> element:
```
Oc4jSelectMethod roundrobin:local
```
Update the DCM configuration:
```
DESTINATION_ORACLE_HOME\dcm\bin\dcmctl updateConfig -d -v
```
Note that using only the -d and -v arguments to the dcmctl updateConfig command updates all the component information for DCM. The command also stops some of the processes in the Oracle Identity Management Oracle home.

Stop and then start all the processes in the Oracle Identity Management Oracle home:

DESTINATION_ORACLE_HOME\opmn\bin\opmnctl stopall
DESTINATION_ORACLE_HOME\opmn\bin\opmnctl startall

To ensure that Oracle Application Server maintains the state of stateful Web applications across DCM-Managed OracleAS Cluster, you need to configure state replication for the Web applications.

Configure state replication only on the first node where Oracle Delegated Administration Services is installed.

To configure state replication for the OC4J_Security instance, do the following:

Using the Application Server Control Console, navigate to the Application Server Home page for the instance that contains Oracle Delegated Administration Services.
Click OC4J_SECURITY link on the Application Server Home page.
Click Administration link on the OC4J Home Page.
Click Replication Properties link in the Instance Properties area.
Scroll to the Web Applications section of the page (Figure B-2).

Select the Replicate session state checkbox.

Optionally, you can provide the multicast host IP address and port number. If you do not provide the host and port for the multicast address, it defaults to host IP address 230.230.0.1 and port number 9127. The host IP address must be between 224.0.0.2 through 239.255.255.255. Do not use the same multicast address for both HTTP and EJB multicast addresses.

Note:

When choosing a multicast address, ensure that the address does not collide with the addresses listed in:

http://www.iana.org/assignments/multicast-addresses

Also, if the low order 23 bits of an address is the same as the local network control block, 224.0.0.0 - 224.0.0.255, then a collision may occur. To avoid this problem, provide an address that does not have the same bits in the lower 23 bits of the address as the addresses in this range.

Figure B-2 Web State Replication Configuration

Description of "Figure B-2 Web State Replication Configuration"

B.5.5 Task 5: Using Metadata Repository Upgrade Assistant to Upgrade the Component Schemas in the OracleAS Metadata Repository

Make sure that the OracleAS Identity Management instance (including Oracle Internet Directory) that you upgraded in Section B.3.5, "Task 4: Upgrade the First OracleAS Identity Management Instance" is up and running.

If it is not running, start the Identity Management instance (including Oracle Internet Directory) as follows:
```
ORACLE_HOME\opmn\bin\opmnctl startall
```
Upgrade the Metadata Repository in the newly upgraded database as described in Chapter 8, "Using MRUA to Upgrade the OracleAS Metadata Repository", with the following exception:

On the MRUA command line, enter the address of the load balancer in place of the oid_host and oid_ssl_port arguments.

Note that the values you enter for the -oid_host argument and -oid_ssl_port arguments must match the value of the corresponding properties defined in following configuration file in the Identity Management Oracle home:
```
IDENTITY_MANAGEMENT_HOME/config/ias.properties
```
For example:
```
OIDhost=sys42.acme.com
OIDsslport=636
```
When MRUA finishes processing, verify that the schemas have been upgraded, as described in Section 8.3, "Task 3: Verify the Success of the OracleAS Metadata Repository Upgrade".

B.5.6 Task 6: Installing Subsequent OracleAS Cluster (Identity Management) Instances

Make sure that the Oracle Internet Directory is up and running on the first OracleAS Identity Management instance.
Make sure that the OracleAS Metadata Repository database and listener are up and running.
Make sure that the Load Balancer is configured to direct traffic only to the first Identity Management instance.
Install the new 10g (10.1.4.0.1) OracleAS Identity Management Oracle home by following the instructions in the section "Installing OracleAS Cluster (Identity Management) on Subsequent Nodes," in the Oracle Application Server Installation Guide.
Reconfigure Load Balancer and test the installation.

After a successful installation of the subsequent OracleAS Identity Management Oracle home, configure the Load Balancer to route requests to the new instance.
Repeat this procedure for any additional and subsequent OracleAS Identity Management installations that will be part of the cluster.

B.5.7 Task 7: Verify the Upgrade and Decommission the 10g Release 2 (10.1.2) Oracle Homes

For more information, refer to Chapter 10, "Verifying the Upgrade and Decommissioning the Source Oracle Homes".

B.6 Upgrading an OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) Distributed Configuration

The following sections describe how to upgrade from a distributed 10g Release 2 (10.1.2) OracleAS Cluster (Identity Management) environment to 10g (10.1.4.0.1):

Task 1: Review the Distributed OracleAS Cluster (Identity Management) Upgrade Requirements
Task 2: Upgrade the Database That Hosts the OracleAS Metadata Repository for the Distributed Environment
Task 3: If Necessary, Upgrade Any 10g (9.0.4) Middle Tiers to 10g Release 2 (10.1.2.0.2) in the Distributed Environment
Task 4: Upgrade the First Oracle Internet Directory Oracle Home in the Distributed Environment
Task 5: Upgrade the First OracleAS Single Sign-On Oracle Home
Task 6: Using Metadata Repository Upgrade Assistant to Upgrade the Component Schemas in the OracleAS Metadata Repository
Task 7: Installing Subsequent Oracle Internet Directory Instances
Task 8: Installing Subsequent OracleAS Single Sign-On Instances
Task 9: Verify the Upgrade and Decommission the 10g Release 2 (10.1.2) Oracle Homes

B.6.1 Task 1: Review the Distributed OracleAS Cluster (Identity Management) Upgrade Requirements

The following sections describe the requirements you must meet in order to upgrade from a 10g Release 2 (10.1.2) distributed OracleAS Cluster (Identity Management) configuration to a 10g (10.1.4.0.1) distributed OracleAS Cluster (Identity Management) configuration:

OracleAS Identity Management Configuration Requirements
Requirements for Colocated Versus Distributed OracleAS Identity Management
OracleAS Metadata Repository Storage Requirements
OracleAS Cluster (Identity Management) Backup Requirements

B.6.1.1 OracleAS Identity Management Configuration Requirements

B.6.1.2 Requirements for Upgrading a Distributed OracleAS Cluster (Identity Management) Configuration

OracleAS Identity Management consists of components that can also be installed separately:

Oracle Internet Directory (OID)
OracleAS Single Sign-On (SSO)
Oracle Delegated Administration Services (DAS)
Oracle Directory Integration Platform (DIP)

This procedure does not include support for Oracle Application Server Certificate Authority (OCA).

This procedure describes how to upgrade a distributed OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) installation, where the Identity Management components are separated into two tiers. One tier contains the Oracle Application Server Single Sign-On and Oracle Delegated Administration Services components and the second tier contains the Oracle Internet Directory and Oracle Directory Integration Platform components.

See Also:

Section B.5, "Upgrading an OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) Colocated Configuration" for information about upgrading a colocated OracleAS Identity Management configuration, where all Identity management components are installed in one Oracle home.

A distributed OracleAS Cluster (Identity Management) configuration allows administrators to install the OracleAS Single Sign-On and Oracle Delegated Administration Services components in a the DMZ and the Oracle Internet Directory on the internal network inside the firewall.

Figure B-3 shows such a distributed OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) environment.

Figure B-3 10g Release 2 (10.1.2) OracleAS Cluster (Identity Management) Distributed Upgrade Starting Point

Description of "Figure B-3 10g Release 2 (10.1.2) OracleAS Cluster (Identity Management) Distributed Upgrade Starting Point"

B.6.1.3 OracleAS Metadata Repository Storage Requirements

A single-instance database
A Real Application Clusters database consisting of more than two nodes

Raw devices
Cluster filesystem (for example, OCFS on Linux)
Network filesystem (for example, supported NAS devices)

B.6.1.4 OracleAS Cluster (Identity Management) Backup Requirements

In addition, shut down all processes and perform a full cold database backup of the middle tiers and Infrastructure Oracle homes.

B.6.2 Task 2: Upgrade the Database That Hosts the OracleAS Metadata Repository for the Distributed Environment

Before you can upgrade to OracleAS Cluster (Identity Management), you must upgrade the database that hosts the OracleAS Metadata Repository to a supported database.

For detailed instructions on upgrading the database that hosts the OracleAS Metadata Repository, see Chapter 6, "Upgrading the Database That Hosts the OracleAS Metadata Repository".

Note:

B.6.3 Task 3: If Necessary, Upgrade Any 10g (9.0.4) Middle Tiers to 10g Release 2 (10.1.2.0.2) in the Distributed Environment

There are certain upgrade scenarios where you might have to upgrade any 10g (9.0.4) middle tiers in your Oracle Application Server environment to 10g Release 2 (10.1.2).

For more information, refer to Chapter 5, "Upgrading 10g (9.0.4) Middle Tiers to 10g Release 2 (10.1.2)".

B.6.4 Task 4: Upgrade the First Oracle Internet Directory Oracle Home in the Distributed Environment

When you upgrade the first OracleAS Identity Management Oracle home, you also upgrade the OracleAS Identity Management schemas in the OracleAS Metadata Repository.

Note that in a distributed OracleAS Cluster (Identity Management) configuration, the OracleAS Single Sign-On instances are clustered together in a Distributed Configuration Management (DCM) Cluster. This ensures synchronization between the configurations of the different Identity Management components on all of the Identity Management instances.

To upgrade the first Oracle Internet Directory Oracle home, use the following steps.

Note:

If you are upgrading a distributed OracleAS Cluster (Identity Management) environment, be sure that the first OracleAS Identity Management instance you upgrade represents one of the OracleAS Single Sign-On Oracle homes.

Make sure that the other OracleAS Identity Management Instances in the environment are down.

Only the Oracle Internet Directory instance that you are upgrading first should be up and running. If necessary, shut down the other OracleAS Identity Management instances.
Configure the Oracle Internet Directory Load Balancer to direct traffic only to the OracleAS Identity Management instance you are about to upgrade.

All Requests should be directed only to the Oracle Internet Directory instance you are about to upgrade. The other OracleAS Identity Management instances in the environment should be shut down.
Use the Oracle Universal Installer and the Oracle Application Server 10g (10.1.4.0.1) installation procedure to upgrade the Oracle Internet Directory instance.

Refer to Section 7.5.3, "Upgrading Distributed OracleAS Identity Management Configurations" for complete instructions on upgrading the first Oracle Internet Directory instance.
Perform any post-upgrade procedures that apply to your OracleAS Identity Management environment.

Refer to Section 9.2, "Task 2: Perform Oracle Internet Directory Post-Upgrade Steps" for more information.

B.6.5 Task 5: Upgrade the First OracleAS Single Sign-On Oracle Home

Follow the steps described in Table B-6 to upgrade the first OracleAS Single Sign-On Oracle home in the distributed OracleAS Cluster (Identity Management) 10g Release 2 (10.1.2) environment.

Table B-6 Steps Required to Upgrade the First OracleAS Single Sign-On Oracle Home in a Distributed OracleAS Cluster (Identity Management) Environment

Step	Description	More Information
1	Start the OracleAS Single Sign-On instance that you are about to upgrade.	Only the Oracle Internet Directory instance that you upgraded first and the current OracleAS Single Sign-On instance that you plan to upgrade next should be up and running. If necessary, shut down the other OracleAS Identity Management instances.
2	Configure the OracleAS Single Sign-On Load Balancer to direct traffic only to the OracleAS Identity Management instance you are about to upgrade.	All requests should be directed only to the OracleAS Single Sign-On instance you are about to upgrade. The other OracleAS Single Sign-On instances in the environment should be shut down.
3	Use the Oracle Universal Installer and the Oracle Application Server 10g (10.1.4.0.1) installation procedure to upgrade the OracleAS Single Sign-On instance.	Refer to Section 7.5.3, "Upgrading Distributed OracleAS Identity Management Configurations" for complete instructions on upgrading the first OracleAS Single Sign-On instance.
4	Perform any post-upgrade procedures that apply to the OracleAS Single Sign-On Oracle home.	Refer to Section 9.3, "Task 3: Perform OracleAS Single Sign-On Post-Upgrade Steps" for more information.
5	Reconfigure the DCM cluster to which the OracleAS Single Sign-On instance belongs.	Refer to Section B.5.4.2, "Task 4b: Reconfigure the DCM Cluster" and perform the steps defined in that section in the OracleAS Single Sign-On Oracle home.
6	Configure the Oracle HTTP Server and OracleAS Single Sign-On to work with the newly upgraded OracleAS Single Sign-On instance.	Refer to Section B.5.4.3, "Task 4c: Configure Oracle HTTP Server and OracleAS Single Sign-On" and perform the steps defined in that section in the OracleAS Single Sign-On Oracle home.
7	Complete the upgrade of the first OracleAS Single Sign-On Oracle home.	Refer to Section B.5.4.4, "Task 4d: Finish the Upgrade of the First OracleAS Identity Management Instance" and perform the steps in that section in the OracleAS Single Sign-On Oracle home.

B.6.6 Task 6: Using Metadata Repository Upgrade Assistant to Upgrade the Component Schemas in the OracleAS Metadata Repository

Make sure that the OracleAS Identity Management instance (including Oracle Internet Directory) that you upgraded in Section B.3.5, "Task 4: Upgrade the First OracleAS Identity Management Instance" is up and running.

If it is not running, start the Identity Management instance (including Oracle Internet Directory) as follows:
```
ORACLE_HOME\opmn\bin\opmnctl startall
```
Upgrade the Metadata Repository in the newly upgraded database as described in Chapter 8, "Using MRUA to Upgrade the OracleAS Metadata Repository", with the following exception:

On the MRUA command line, enter the address of the load balancer in place of the oid_host and oid_ssl_port arguments.

Note that the values you enter for the -oid_host argument and -oid_ssl_port arguments must match the value of the corresponding properties defined in following configuration file in the Identity Management Oracle home:
```
IDENTITY_MANAGEMENT_HOME/config/ias.properties
```
For example:
```
OIDhost=sys42.acme.com
OIDsslport=636
```
When MRUA finishes processing, verify that the schemas have been upgraded, as described in Section 8.3, "Task 3: Verify the Success of the OracleAS Metadata Repository Upgrade".

B.6.7 Task 7: Installing Subsequent Oracle Internet Directory Instances

After you upgrade the first Oracle Internet Directory instance, upgrade the first OracleAS Single Sign-On instance, and upgrade the OracleAS Metadata Repository, you can then install the second Oracle Internet Directory and Oracle Delegated Administration Services instance in the OracleAS Cluster (Identity Management):

Make sure that the first Oracle Internet Directory is up and running on the first OracleAS Identity Management instance.
Make sure that the OracleAS Metadata Repository database and listener are up and running.
Make sure that the Oracle Internet Directory Load Balancer is configured to direct traffic only to the first Oracle Internet Directory instance.
Install a new 10g (10.1.4.0.1) Oracle Internet Directory Oracle home by following the instructions specific to Oracle Internet Directory installation in the section "Installing OracleAS Cluster (Identity Management) on Subsequent Nodes," in the Oracle Application Server Installation Guide.

This step involves running Oracle Universal Installer and installing a new 10g (10.1.4.0.1) Oracle Internet Directory and Oracle Delegated Administration Services Oracle home. During the installation, respond to the installation prompts. In particular, be sure to do the following:
- On the Select Installation Type screen, select Oracle Identity Management.
- On the Select Configuration Options screen:
  - Select Oracle Internet Directory. Do not select Oracle Application Server Single Sign-On.
  - Do not select Oracle Application Server Delegated Administration Services.
  - Select Oracle Directory Integration Platform if you need this component.
  - Do not select Oracle Application Server Certificate Authority (OCA).
  - Select High Availability and Replication.
Reconfigure the Load Balancer and test the installation.

After a successful installation of the subsequent Oracle Internet Directory Oracle home, configure the Load Balancer to route requests to the new instance.
Repeat this procedure for any additional and subsequent Oracle Internet Directory installations that will be part of the cluster.

B.6.8 Task 8: Installing Subsequent OracleAS Single Sign-On Instances

After you upgrade the first Oracle Internet Directory instance, upgrade the first OracleAS Single Sign-On instance, upgrade the OracleAS Metadata Repository, and install any subsequent Oracle Internet Directory instances, you can then install any subsequent OracleAS Single Sign-On instances in the OracleAS Cluster (Identity Management):

Make sure that the Oracle Internet Directory instances and the first OracleAS Single Sign-On is up and running.
Make sure that the OracleAS Metadata Repository database and listener are up and running.
Make sure that the OracleAS Single Sign-On Load Balancer is configured to direct traffic only to the first OracleAS Single Sign-On instance.
Install a new 10g (10.1.4.0.1) OracleAS Single Sign-On Oracle home by following the instructions specific to OracleAS Single Sign-On installation in the section "Installing OracleAS Cluster (Identity Management) on Subsequent Nodes," in the Oracle Application Server Installation Guide.

This step involves running Oracle Universal Installer and installing a new 10g (10.1.4.0.1) Oracle Internet Directory and Oracle Delegated Administration Services Oracle home. During the installation, answer the installation prompts. In particular, be sure to do the following points:
- On the Select Installation Type screen, select Oracle Identity Management.
- On the Select Configuration Options screen:
  - Do not select Oracle Internet Directory.
  - Select Oracle Application Server Single Sign-On.
  - Select Oracle Application Server Delegated Administration Services.
  - Select Oracle Directory Integration Platform if you need this component.
  - Do not select Oracle Application Server Certificate Authority (OCA).
  - Select High Availability and Replication.
- On the Create or Join an OracleAS Cluster (Identity Management) page, select Join an Existing Cluster.
- On the Specify Existing OracleAS Cluster Name screen enter the name of the Oracle Identity Management cluster you want to join.
- On the Specify HTTP Load Balancer Host and Ports screen, be sure to enter the same values for every OracleAS Single Sign-On node in the cluster:
  - HTTP Listener: Port: Enter the port number that you want Oracle HTTP Server to listen on. Enable SSL: Select this option if you want to configure Oracle HTTP Server for SSL on this port.
  - HTTP Load Balancer: Hostname: Enter the name of the HTTP virtual server configured on your load balancer. Enter the same virtual server name that you configured on the load balancer.
  - HTTP Load Balancer: Port: Enter the port for the HTTP virtual server. Enable SSL: Select this option if this port is for SSL communications only.
Reconfigure the Load Balancer and test the installation.

After a successful installation of the subsequent Oracle Internet Directory Oracle home, configure the Load Balancer to route requests to the new instance.
Repeat this procedure for any additional and subsequent Oracle Internet Directory installations that will be part of the cluster.

B.6.9 Task 9: Verify the Upgrade and Decommission the 10g Release 2 (10.1.2) Oracle Homes

For more information, refer to Chapter 10, "Verifying the Upgrade and Decommissioning the Source Oracle Homes".