test

Sun Identity Manager 8.1 Upgrade

Task 8: Execute Your Upgrade Procedure

Upgrading a Test environment requires only a subset of the steps that you performed when upgrading your Development environment. For example, you do not have to detect changes or update source control. The updated baseline for your Identity Manager application already contains those changes.

Before upgrading any targeted environments, you must generate an image of your Identity Manager application that is appropriate for that environment. The baseline, and therefore the image, contains the following:

Step 1: Stop Active Sync and Reconciliation

Set any Active Sync processes to start manually and, if applicable, disable any scheduled reconciliations until the upgrade is complete and appears to be successful.

Tip –

Step 1 is optional, but performing this step is considered a best practice when upgrading the Production environment.

Also, if you perform Step 1 in your Production environment, make it a standard step when upgrading in all of your other environments.

Step 2: Stop the Identity Manager Application

Quiesce your Identity Manager application and make it unavailable to all administrators and end users.

Step 3: Back Up Your Identity Manager Application

Make a copy of your existing database and Identity Manager file structure.

Backing up the database and file structure enables you to reinstate your working environment, if necessary.

Note –

Always back up the Identity Manager database and file system before applying any Identity Manager patches, service packs, or hotfixes and before going through any major upgrades.

You can use third-party backup software or a backup utility supplied with your system to back up the Identity Manager file system. To back up your database, see your database documentation for recommended backup procedures.

ProcedureTo Back Up Your Identity Manager Application

  1. Shutdown or idle Identity Manager.

  2. Use your backup utilities to back up your database and the file system where you installed Identity Manager.

Step 4: Remove Hotfixes

Remove any hotfix class files from your WEB-INF/classes directory.

Hotfix class files generally work only with the specific version of the Identity Manager product for which the hotfix was delivered.

Step 5: Change TaskDefinition Objects

You might find it necessary to upgrade a Production environment that contains executing task instances. Unfortunately, upgrading an Identity Manager TaskDefinition object in the repository can corrupt executing task instances that depend on the TaskDefinition object. This possibility is a particularly important consideration in a Production environment where people are depending on those tasks to complete correctly and to perform their business functions.

Although it is easiest to have users complete their tasks or terminate still-executing tasks prior to upgrade, these options are not always feasible.

If your Production environment might contain executing task instances when you upgrade, be sure that your upgrade procedure describes how to address these instances.

Tip –

Rename TaskDefinition objects when upgrading in each environment. Use the following process to upgrade TaskDefinition objects in your Production environment:

  1. From the Identity Manager console, rename the current TaskDefinition to include a time stamp.

  2. Load the new TaskDefinition.

Caution – Caution –

Problems might occur if you change activities or actions.

Note that you cannot modify any TaskDefinitions that correspond to live TaskInstances. Identity Manager does not allow you to make these modifications.

Step 6: Update Your Platform

If the target Identity Manager product version requires platform changes, you must make these changes before upgrading the Identity Manager product.

Step 7: Upgrade Your Identity Manager Application

To upgrade your Identity Manager application, you might be required to do the following:

Note –

About Data Sources

If you use a JDBC data source defined in your application server as your Identity Manager repository location, be aware that this data source might not work outside the application server. In other words, a JDBC data source provided by an application server might be available for use only by web applications that run in that container.

The Identity Manager product upgrade process runs outside the application server, just like the Identity Manager console. Therefore, in each environment where Identity Manager normally uses a data source, your upgrade procedure might need to include steps to switch to a JDBC DriverManager connection.

You can temporarily replace the ServerRepository.xml file that specifies a data source with another ServerRepository.xml file that specifies a JDBC DriverManager connection. Restore the original ServerRepository.xml file as a subsequent step in your upgrade procedure.

Alternatively, you can expand the Identity Manager application WAR file onto the file system, specify WSHOME as the file system location, and use this “side” environment to perform a manual upgrade process or to perform any step that requires a console, such as importing a subset of update.xml or renaming TaskDefinition objects.

If additional setup is required for your custom integrations in each environment, perform the additional setup as part of this step.

Update Your Database Table Definitions

Verify that your Identity Manager application image includes any SQL scripts needed to update your database table definitions, and that these SQL scripts have been modified to fit your environment.

If your image does not include these SQL scripts, ensure that your upgrade procedure specifically describes the modifications required for each environment.

Promote the Identity Manager Application

Promote the Identity Manager application image into your Test environment. Your application image must include the target Identity Manager product version, your updated configuration, and your customizations.

Import a Subset of update.xml

You must import the update.xml file to update the repository objects that are not managed as part of your Identity Manager application baseline.

Tip –

Use only one Identity Manager server to import update.xml and have only one Identity Manager server running during the upgrade.

If you start any other Identity Manager servers during the upgrade process, you must stop and restart those servers before making them available again.

Upgrade All Gateway Instances

Upgrade every Sun Identity Manager Gateway installation in your environment. See To Upgrade the Identity Manager Gateway.

Caution – Caution –

Newer versions of Identity Manager server will not work with older versions of the Gateway. All Gateway and Identity Manager Server installations should be updated within the same maintenance window.

Upgrade All PasswordSync Instances

Upgrade every PasswordSync installation in your environment. SeeUpgrade All PasswordSync Instances.

Unless the Release Notes specify otherwise, newly installed versions of the Identity Manager server provide limited, temporary support for older versions of PasswordSync. This support is provided so that Identity Manager can continue to run while you upgrade your PasswordSync instances. All instances of PasswordSync should be updated to the same version as Identity Manager Server as soon as possible.

Step 8: Test Your Identity Manager Application

You must redeploy your web applications after upgrading Identity Manager because most application servers cache the web.xml file.

Restart the application server and test your Identity Manager application at least minimally to verify that the basic functions are working as expected.

ProcedureTo Redeploy Your Identity Manager Application

If you are using the Sun GlassFish Enterprise Server, perform the following steps to redeploy Identity Manager.

  1. Log in to the GlassFish administrator interface.

  2. Choose Applications > Web Applications from the menu bar.

  3. Locate your web application and click the Redeploy link.

  4. Click the button next to the Local Packaged File or Directory That Is Accessible From the Application Server option.

  5. Click the Browse Folders button and select the top-level folder for your installation.

    For example:

    C:\Sun\AppServer\domains\domain1\applications\j2ee-modules\idm

  6. Click OK.

  7. Restart the application server.

Step 9: Restart Active Sync and Reconciliation

After successfully completing the upgrade, restore the original settings for any Active Sync processes and for any scheduled reconciliations.

Tip –

Step 9 is optional, but performing this step is considered a best practice when upgrading the Production environment.

Also, if you perform Step 9 in your Production environment, make it a standard step when upgrading all of your other environments.

Step 10: Restart the Identity Manager Application

Restart the Identity Manager application to make the application available again to administrators and end users.