Sun Identity Manager 8.1 Upgrade

Task 1: Review Your Production Environment

Upgrading to a newer Identity Manager release might require changes to the platform in your environment. You can determine the best upgrade path and estimate the complexity of the upgrade by assessing and documenting your Production environment.

This section describes the steps that you perform when reviewing your Production environment:


Tip –

If you use source control and CBE to manage this information, these can serve as the documentation for your Identity Manager installation and for your custom components. Review the information and familiarize yourself with the various environments in which you deploy your Identity Manager application, giving particular attention to your Production environment.


Step 1: Document Your Platform

To determine the best upgrade path, use the worksheets provided in Chapter 7, Assessment Worksheets to inventory the components of your current platform, including the following:


Note –

Verify that you are using the correct version of these components for the upgrade version that you want to install. Check Supported Software and Environments in Sun Identity Manager 8.1 Release Notes for details.



Caution – Caution –

If you are using an Oracle® repository, the Identity Manager repository DDL uses data types that are not properly handled by older Oracle JDBC drivers. The JDBC drivers in ojdbc14.jar do not properly read all of the columns in the log table.

You must upgrade to the ojdbc5.jar for JDK 5 drivers for Identity Manager to work properly.


Application Servers

Record the application server version, and note any additional patches or service packs. In addition, record the following:

Database Servers

Record the database server version, and note any additional patches or service packs.

Identity Manager Gateway

Verify which Identity Manager Gateway version you are running by performing the following steps:

  1. Open a command window and execute the following command on each of the Gateway servers:


    gateway -v
    
  2. Record the results.

  3. Record the operating system version of each Gateway server.


    Note –

    The Gateway server version should always be the same as the Identity Manager version.


Java Runtime Environment

Record the currently installed JRETM version required by the lh console. Also record the name of the vendor that supplied the installed JRE (for example, Sun, IBM, Oracle, and so on). When upgrading Identity Manager, you must use a JRE supplied by the same vendor.

Supported Resources

Record supported resource names and versions, and note any additional patches or service packs.

Web Servers

Record the Web server version, and note any additional patches or service packs.

Step 2: Document Your Identity Manager Installation

To determine the best upgrade path, use the worksheets provided in Chapter 7, Assessment Worksheets to inventory the components of your current Identity Manager installation.

The following sections describe methods for collecting this information:

Identity Manager Version

To verify the version number of your current Identity Manager installation, use the Identity Manager Console .

  1. From the command line, type:

    lh console

  2. To display the Identity Manager version number, type:

    version

Identity Manager Assessment Tools

Identity Manager provides the following utilities to list and record your installation information:

To access the installed and inventory utilities, follow these steps:

  1. Open a command window and change directories to $WSHOME/bin.

  2. At the prompt, execute the following command:

    ./lh assessment

  3. At the prompt, type one of the following commands:

    • installed [option] [option]...

    • inventory [option] [option]...

The following tables describe the options that you can use with the installed and inventory utilities.

installed Utility Options

Option 

Function 

Description 

-h

Help 

Displays usage. 

-r

Releases 

Displays only installed releases. 

-p

Patches 

Displays only installed patches. 

-s

Service packs 

Displays only installed service packs. 

-f

Hotfixes 

Displays only installed hotfixes. 


Note –

Be sure to record the manifest file names that are associated with all service packs or patches. For example:


Identity_Manager_8_0_0_0_20080530.manifest

inventory Utility Options

Option 

Function 

Description 

-a

Added 

Displays only added files. 

-d

Deleted 

Displays only deleted files. 

-h

Help 

Displays usage. 

-m

Modified 

Displays only modified files. 

-u

Unchanged 

Displays only unchanged files. 

Step 3: Document Your Custom Components

Use the worksheets provided in Chapter 7, Assessment Worksheets to inventory your custom components, including the following:


Note –

Customized Database Table Definitions

Version 7.1 and version 8.0 of Identity Manager made significant changes to the Identity Manager database table definitions.

If you previously modified the database table definitions for the Identity Manager repository, you must decide whether to make the same modifications to the new and updated tables.

Custom File System Objects

You might need to update your customized file system objects to enable them to function properly with later Identity Manager releases. List any customized file system object names that are in your environment as explained in the following sections.

Modified JavaServer Pages Files

Recent Identity Manager versions might contain API changes. If you have modified .jsp files in your installation, you might have to update them when upgrading. You must update any JSP that was supplied by Identity Manager and changed during a deployment (or a custom JSP that uses Identity Manager APIs) to work with the new JSP structure and API changes for the target release.


Note –

For a detailed description of API changes, see the Identity Manager Release Notes for the release to which you are upgrading.


Use the inventory -m command (described on Identity Manager Assessment Tools) to identify any JSP modifications made in your deployment.

For more information about JSP customizations, see Chapter 11, Editing Configuration Objects, in Sun Identity Manager 8.1 Technical Deployment Overview.

Modified Waveset.properties File

Record any changes that you made to the default Waveset.properties file.

Modified WPMessages.properties File

Record any changes that you made to the default WPMessages.properties file.

Customized Property Files

Record any changes that you made to other property files on your system.

Custom Resource Adapters (and Other Custom Java)

You might have to recompile your custom resource adapters, depending on the target Identity Manager version. All custom Java code that uses Identity Manager APIs (including custom resource adapters) requires a recompile during upgrading. Also, consider other Java classes that use the Identity Manager library.

Modified Stylesheets

Record any changes that you made to the Identity Manager stylesheets.

Custom Repository Objects

You might have to maintain customized repository objects to enable them to function properly with target Identity Manager releases. Record any customized repository objects that are in your environment as explained in the following sections.


Note –

You can use the Identity Manager SnapShot feature to create a baseline or snapshot of the customized repository objects in your deployment, which can be very useful when planning an upgrade. See Step 5: Take a Snapshot for more information.


Modified Forms

You might have to update customized forms to take advantage of current product enhancements.

Modified Workflows

You might have to update customized workflows to take advantage of current product enhancements.

Modified Email Templates

You might have to export customized email templates to take advantage of current product enhancements.

Custom Repository Schema

Significant schema changes occurred between Version 7.0 and Version 8.0 of Identity Manager. If you are upgrading from an earlier version of Identity Manager, you must update your schema.

Other Custom Repository Objects

Record the names of any other custom repository objects that you created or updated. You might have to export these objects from your current installation and then reimport them to the newer version of Identity Manager after upgrading.

Admin group 

Resource form 

Admin role 

Role 

Configuration 

Rule 

Policy 

Task definition 

Provisioning task 

Task template 

Remedy configuration 

User form 

Resource action 

 


Note –

The SPML 2.0 implementation in Identity Manager changed in version 8.0. In previous releases, the SPML objectclass attribute used in SPML messages was mapped directly to the objectclass attribute of Identity Manager User objects. The objectclass attribute is now mapped internally to the spml2ObjectClass attribute and is used internally for other purposes.

During the upgrade process, the objectclass attribute value is automatically renamed for existing users. If your SPML 2.0 configuration contains forms that reference the objectclass attribute, you must manually change those references to spml2ObjectClass.

Identity Manager does not replace the sample spml2.xml configuration file during an upgrade. If you used the spml2.xml configuration file as a starting point, be aware that this file contains a form with references to objectclass that you must change to spml2ObjectClass. Change the objectclass attribute in forms (where it is used internally), but do not change the objectclass attribute in the target schema (where the attribute is exposed externally).


You can use the Identity Manager SnapShot feature to copy the following, specific object types from your system for comparison:

AdminGroup 

ResourceAction 

AdminRole 

Resourceform 

Configuration 

Role 

EmailTemplate 

Rule 

Policy 

TaskDefinition 

ProvisionTask 

TaskTemplate 

RemedyConfig 

UserForm 

For specific instructions, see Step 5: Take a Snapshot.