Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun[TM] Identitiy Manager 8.0 Upgrade 

Chapter 3
Developing and Testing Your Upgrade

The developing and testing phase of the upgrade consists of the following tasks:

Task 5: Reset Your Development Environment

Task 6: Upgrade Your Development Environment

Task 7: Reset Your Test Environment

Task 8: Execute Your Upgrade Procedure

Task 9: Perform Functional Testing


Task 5: Reset Your Development Environment

You must revert your existing Development environment, or create and set a new Development environment, to the Identity Manager application baseline that corresponds to your Production environment. You must also reset the platform in your Development environment to match the platform in your Production environment. For more information, see Step 1: Document Your Platform.

Use source-control tools to manage your configuration settings, any custom configuration objects, any custom code, test plans, and automated tests.
For more information, see Source-Control and CBE.

If your site's processes allow administrators to change Identity Manager configurations and customizations directly in the Production environment (for example, without updating the baseline version in source-control), then you must compare the current production configurations and customizations to those in the source-control baseline. Identify any changes in the Production environment, apply each change to the Development environment, and re-test as appropriate. Merge these changes into the source-control baseline for your Identity Manager application. If the production changes seem significant and cannot be fully tested in the Development environment, consider promoting the updated Identity Manager baseline to the Test environment and re-testing that baseline before proceeding with the Identity Manager upgrade.


Task 6: Upgrade Your Development Environment

You must perform each of the following steps in your Development environment:

Step 1: Stop Active Sync and Reconciliation

Step 2: Stop the Identity Manager Application

Step 3: Back Up Your Identity Manager Application

Step 4: Remove Hotfixes

Step 5: Take a Snapshot

Step 6: Update Your Platform

Step 7: Upgrade the Identity Manager Product

Step 8: Take Another Snapshot

Step 9: Analyze the Changes

Step 10: Rebuild Any Custom Java

Step 11: Make Necessary Changes in XPRESS

Step 12: Test Your Identity Manager Application in the Development Environment

Step 13: Restart Active Sync and Reconciliation

Step 14: Merge Changes Back into Source-Control


Note

You must perform some of these steps when upgrading any environment. However, many of these steps are unique to the Development environment because this is the environment where you update the baseline for your Identity Manager application.


Step 1: Stop Active Sync and Reconciliation

Set any Active Sync processes to start manually and, if applicable, disable any scheduled reconciliations until the upgrade is finished and appears to be successful.

 Best Practice

Step 1 is optional, but performing this step is considered a best practice when upgrading the Production environment.

Also, if you perform Step 1 in your Production environment, make it a standard step when upgrading all of your other environments.

Step 2: Stop the Identity Manager Application

Quiesce your Identity Manager application and make it unavailable to all administrators and end-users.

Step 3: Back Up Your Identity Manager Application

Make a copy of your existing database and Identity Manager file structure.

Backing up the database and file structure enables you to reinstate your working environment, if necessary.

Step 4: Remove Hotfixes

Remove any hotfix class files from your WEB-INF/classes directory.

Generally, a hotfix class file works only with the specific version of the Identity Manager product for which that hotfix was delivered.

Step 5: Take a Snapshot

Make a copy of your existing configuration objects. Also, make a copy of other types of objects in the repository; or copy at least a representative sampling of those objects.

The Identity Manager product upgrade saves the filesystem artifacts that it overlays, such as JSPs, but the upgrade does not preserve “before-images” of every object that it modifies in the repository. Taking a snapshot enables you to detect changes that the Identity Manager product upgrade makes to objects in the repository.

The following instructions describe how to use Identity Manager’s SnapShot feature to create a baseline of the customized repository objects in your deployment and how to compare two snapshots to determine what changes have been made to certain system objects before and after upgrade.


Note

The SnapShot feature is not intended for detailed, on-going XML diffs — it is only a minimal tool for “first-pass” comparisons.


  1. From the Identity Manager Debug page (Figure 3-1), click the SnapShot button to view the SnapShot Management page.
  2. Figure 3-1  SnapShot Management Page
    Example SnapShot Management Page.

  3. Type a name for the snapshot in the Create text box, and then click the Create button.
  4. When Identity Manager adds the snapshot, the snapshot’s name displays in the Compare menu list and to the right of the Export label.

To compare two snapshots:

  1. Select the snapshots from each of the two Compare menus (Figure 3-2).
  2. Figure 3-2  SnapShot Management Page
    Select a snapshot name from each Compare menu list.

  3. Click the Compare button.
    • If no objects were changed, a message indicates no differences were found.
    • If object changes are detected, a message displays the object type and name, and whether the object is different, absent, or present.

      For example, if an object is present in baseline_1, but not present in baseline_2, then the baseline_1 column indicates Present and the baseline_2 column indicates Absent.

To export a snapshot to a file in XML format, click the snapshot name link.

To delete a snapshot, choose the snapshot name from the Delete menu, and then click the Delete button.

Step 6: Update Your Platform

If the target Identity Manager product version requires changes to your platform, you must makes these changes before upgrading the Identity Manager product.


Caution

If you are using an Oracle repository, the Identity Manager 8.0 repository DDL uses data types that are not properly handled by older Oracle JDBC drivers. The JDBC drivers in ojdbc14.jar do not properly read all of the columns in the log table.

You must upgrade to the oracle11g_jdbc.jar drivers for Identity Manager to work properly.


Step 7: Upgrade the Identity Manager Product

To upgrade the Identity Manager product itself, you might be required to:

Update the Repository Database Tables

Most major releases and some minor releases of Identity Manager include database table changes. Consequently, you might have to modify the sample SQL scripts for your environment.

You must also update the database tables if you made any of the following modifications:

You must remember any changes you make to the sample SQL scripts for each Identity Manager version and use source-control to manage these changes. In the future, you will have to make similar changes to the sample SQL scripts for subsequent Identity Manager versions.

Upgrade the Identity Manager Product

You can use either of the following methods to upgrade the Identity Manager product:

Both methods produce the same results.


Note

In some environments, including on HP-UX, you might prefer using the manual upgrade procedure. For example,

  • If you want to fully automate the upgrade as part of a repeatable upgrade procedure
  • If you have restricted access to your Production environment or cannot start the console

Upgrading the Identity Manager product might modify objects in the Identity Manager repository and in some filesystem artifacts such as JSPs, Identity Manager product JARs, and third-party JARs.

When upgrading the Identity Manager product, be aware of the following:

Troubleshooting Upgrade

If you encounter problems during the upgrade, check the upgrade log files located in the $WSHOME/patches/logs directory. The file names for the logs are based on a timestamp and the stage of the upgrade.

Using the Identity Manager Installer

Use the following steps to upgrade your Development environment using the Identity Manager installation and upgrade program:

  1. Use one of the following methods to start the installer:
    • To use the GUI installer, run the install.bat (for Windows) or install (for UNIX).

      The installer displays the Welcome panel.

    • To activate the installer in nodisplay mode, change to the directory where the software is located, and enter the following command:

      install -nodisplay

      The installer displays the Welcome text, and then presents a list of questions to gather installation information in the same order as the GUI installer.


      Note

      • If no display is present, the installer defaults to the nodisplay option.
      • The installer does not install an older version of the software over a newer version. In this situation, an error message displays and the installer exits.

  2. On the Welcome panel, click Next.
  3. On the Install or Upgrade? panel, select Upgrade, and then click Next.
  4. On the Select Installation Directory panel, select the directory where the earlier Identity Manager version is located and click Next.
  5. The installer displays progress bars for the pre- and post-upgrade processes and then proceeds to Installation Summary panel.

  6. For detailed information about the installation, click Details, view the log file, and click Close to exit the installer.
  7. Remove all of the compiled Identity Manager files from the work directory of the application server.
  8. If you are running Gateway on a remote system, upgrade it by using the following steps.
    1. Log in to the Windows system, and change to the directory where Gateway is installed.
    2. Stop the Gateway service by running the command:
    3. gateway -k

    4. If using Windows 2000 or later, exit all instances of the Services MMC plug-in.
    5. Use the following command to remove the Gateway service:
    6. gateway -r

    7. Back up and delete the existing Gateway files.
    8. Extract the new Gateway files.
    9. If you are installing the newly upgraded Gateway on a system that is not the Identity Manager server, then copy the gateway.zip file from the Identity Manager Installation CD.

    10. Unpack the gateway.zip file into the directory where Gateway was installed.
    11. Run the following command to install the Gateway service:
    12. gateway -i

    13. Run the following command to start the Gateway service:
    14. gateway -s

Upgrading Manually

In some environments, you might want to perform the upgrade steps manually instead of using the Identity Manager installation and upgrade program.


Note

  • Be sure you set the JAVA_HOME environment variable.
  • Make sure that the bin directory in the JAVA_HOME directory is in your path.
  • Any previously-installed hotfixes will be archived to the $WSHOME/patches/HotfixName directory.

The instructions in this section are based on installing Identity Manager on a Tomcat application server. Depending on your application server, you might have to use slightly different commands.


Note

Refer to the appropriate chapter in Sun Java™ System Identity Manager Installation for application server-specific instructions.


    To Install on a Windows Platform

Use the following steps to upgrade Identity Manager manually on a supported Windows platform:

  1. Stop the application server and Sun Identity Manager Gateway.
  2. Update the Identity Manager database.
  3. Enter the following commands to set your environment:
  4. set ISPATH=Path to install software
    set WSHOME=Path to Identity Manager Installation OR Staging Directory
    set TEMP=Path to Temporary Directory


    Note

    If you have a space in the path to the Identity Manager installation directory, you must specify the WSHOME environment variable without double quotes ("), as shown in the following example.

    Do not use trailing slashes (\) when specifying the path even if the path contains no spaces.

    set WSHOME=c:\Program Files\Apache Group\Tomcat 6.0\idm

    or

    set WSHOME=c:\Progra~1\Apache~1\Tomcat~1\idm

    The following path will not work:

    set WSHOME="c:\Program Files\Apache Group\Tomcat 6.0\idm”


  5. Run pre-process:
  6. mkdir %TEMP%
    cd /d %TEMP%
    jar -xvf %ISPATH%\IDM.WAR \
    WEB-INF\lib\idm.jar WEB-INF\lib\idmcommon.jar
    set TMPLIBPTH=%TEMP%\WEB-INF\lib
    set CLASSPATH=%TMPLIBPTH%\idm.jar;\
    %TMPLIBPTH%\idmcommon.jar;
    java -classpath %CLASSPATH% -Dwaveset.home=%WSHOME% \
       com.waveset.install.UpgradePreProcess

  7. Install software:
  8. cd %WSHOME%
    jar -xvf %ISPATH%\IDM.WAR

  9. Run post-process:
  10. java -classpath %CLASSPATH% -Dwaveset.home=%WSHOME%
      com.waveset.install.UpgradePostProcess


    Note

    The installer supports upgrading installations that have renamed, deleted, or disabled the default Configurator account.

    The installer prompts you for user name and password to import the update.xml during the upgrade post process. If the user or password is entered incorrectly, you will be prompted (up to three times) to enter the correct password. The error will be displayed in the text box behind it.

    For manual installation you must provide the -U username -P password flags to pass the credentials to the UpgradePostProcess procedure.


  11. If you installed into a staging directory, create a .war file for deployment to your application server.
  12. Remove the Identity Manager files from the application server work directory.
    To Install on a Unix Platform

Use the following steps to upgrade Identity Manager manually on a supported Unix platform:

  1. Stop the application server and Sun Identity Manager Gateway.
  2. Update the Identity Manager database.
  3. Enter the following commands to set your environment:
  4. export ISPATH=Path to Install Software
    export WSHOME=Path to Identity Manager Installation OR Staging Directory
    export TEMP=Path to Temporary Directory

  5. Run pre-process:
  6. mkdir $TEMP
    cd $TEMP
    jar -xvf $ISPATH/idm.war \
    WEB-INF/lib/idm.jar WEB-INF/lib/idmcommon.jar
    CLASSPATH=$TEMP/WEB-INF/lib/idm.jar:\
    $TEMP/WEB-INF/lib/idmcommon.jar:
    java -classpath $CLASSPATH -Dwaveset.home=$WSHOME \
    com.waveset.install.UpgradePreProcess

  7. Install software:
  8. cd $WSHOME
    jar -xvf $ISPATH/idm.war

  9. Run post-process:
  10. java -classpath $CLASSPATH -Dwaveset.home=$WSHOME
      com.waveset.install.UpgradePostProcess


    Note

    The installer supports upgrading installations that have renamed, deleted, or disabled the default Configurator account.

    The installer prompts you for user name and password to import the update.xml during the upgrade post process. If the user or password is entered incorrectly, you will be prompted (up to three times) to enter the correct password. The error will be displayed in the text box behind it.

    For manual installation you must provide the -U username -P password flags to pass the credentials to the UpgradePostProcess procedure.


  11. Change directory to $WSHOME/bin/solaris or $WSHOME/bin/linux, and then set permissions on the files in the directory so that they are executable.
  12. If you installed into a staging directory, create a .war file for deployment to your application server.
  13. Remove the Identity Manager files from the application server work directory.

Upgrade Gateway and Password Sync

Upgrade every Sun Identity Manager Gateway and Password Sync installation in your environment.

Step 8: Take Another Snapshot

After successfully upgrading the Identity Manager product, make a copy of the existing configuration objects. Also, make a copy of other objects types in the repository; or copy at least a representative sampling of those objects.

The Identity Manager product upgrade does not record the changes it makes to repository objects. If you compare this snapshot to the snapshot that you took before the upgrade, you can easily detect any changes made to repository objects during the upgrade.

Step 9: Analyze the Changes

You must analyze the changes made by the Identity Manager product upgrade and update your configurations and customizations accordingly. For example,

In particular, you must carefully analyze changes made to repository objects during the Identity Manager product upgrade. For example, if the Identity Manager product upgrade modified

After upgrading, restore any customized files and objects.

Restoring Customized Files

During upgrade, Identity Manager automatically copies all customized files, such as JSPs and HTML, into the following directory.

$WSHOME/patches/Sun_Java_System_Identity_Manager_Version_Date_/savedFiles

The following table describes the files in this directory.

Table 3-1  savedFiles Directory File Structure  

File Name

Description

changedFileList

File containing a list of all saved customized files.

This file also contains a list of files (installed with your older version of Identity Manager), that will be overwritten when files of the same name are installed during upgrade.

notRestoredFileList

File containing a list of all customized files that are not restored during the upgrade process.

notInstalledFileList

File containing a list of newer version files that are not installed during the upgrade process.

The upgrade might add some files that were also installed with your original Identity Manager installation. Before overwriting the older files, Identity Manager automatically saves them in the savedFiles directory. See the changedFileList file for a list of these files.

Identity Manager automatically restores most of the files listed in changedFileList during the upgrade process, but does not restore all of them. See the notRestoredFileList for a list of these files. When restoring customized files, Identity Manager overwrites the newer version of the files that were installed during upgrade.

You might have to manually restore some of your file customizations. Review the notRestoredFileList file to see a list of the files that were not restored during upgrade. If you must manually restore any customized files, edit the new file that was installed during upgrade to incorporate your customizations, and then save the newly edited file.

Restoring Customized Objects

If you have configured your form and process mappings in system configuration, you will not have to restore those object customizations after the upgrade. If you have customized objects that are not listed in the system configuration, then you must manually restore these objects by importing the XML for these objects.

As a safety measure, Identity Manager automatically saves many of the commonly customized objects to files when you import update.xml. These files are saved to subdirectories in the WEB-INF/savedObjects directory. These subdirectories are named with timestamp of the time at which the import was performed.

Importing update.xml can create up to three subdirectories in the savedObjects directory. You can manually import the object XML files to restore object customizations.

Step 10: Rebuild Any Custom Java

You must rebuild all of your custom Java classes against the new product libraries For example, you must rebuild any new JAR files, new JDK, or application server libraries.

If recompiling produces deprecation warnings, analyze the deprecation messages, and read the Identity Manager Release Notes, to determine whether you can resolve the deprecation message immediately. If you cannot resolve the deprecation issue immediately, add an item to your project plan to resolve the deprecation message in the future.


Note

Identity Manager does not support deprecated APIs indefinitely. Deprecated classes and methods are generally removed in the next major product release.


Step 11: Make Necessary Changes in XPRESS

Make any forms, rules, and workflows changes in XPRESS.

The forms, rules, and workflows supplied in new Identity Manager product versions are generally backward-compatible with older forms, rules, and workflows. The most common type of change required is to change invocations of Identity Manager Workflow Services or Form Utility methods.


Note

For information about release-specific changes to Workflow Services or Form Utility methods, see the Identity Manager Release Notes for the release to which you are upgrading.


Step 12: Test Your Identity Manager Application in the Development Environment

Restart the application server and test your Identity Manager application at least minimally to confirm that at least the basic functions are working as expected.

You must redeploy your web applications after upgrading Identity Manager because most application servers cache the web.xml file.

For example, if you are using the Sun Java™ System Application Server, you would perform the following steps to redeploy a web application after upgrading Identity Manager.

  1. Log in to the Sun Java System Application Server Administrator interface.
  2. Select Applications > Web Applications from the menu bar.
  3. Locate your web application and click the Redeploy link.
  4. Enable the button next to the Local Packaged File or Directory That is Accessible From the Application Server option.
  5. Click the Browse Folders button and select the top-level folder for your installation. For example
  6. C:\Sun\AppServer\domains\domain1\applications\
    j2ee-modules\idm

  7. Click OK.
  8. Restart the application server.

Step 13: Restart Active Sync and Reconciliation

After successfully upgrading, you must restore the original settings for any Active Sync processes and re-enable any scheduled reconciliations (if applicable).

 Best Practice

Step 13 is optional, but performing this step is considered a best practice when upgrading the Production environment.

Also, if you perform Step 13 in your Production environment, make it a standard step when upgrading all of your other environments.

Step 14: Merge Changes Back into Source-Control


Note

Merging changes back into source-control is specifically listed here as a separate step to highlight its importance. In actual practice, you can merge changes back into source-control as you perform
Steps 9 through 12.


When merging changes back into source-control, you must:


Task 7: Reset Your Test Environment

To perform controlled testing, you must reset your Test environment so that it corresponds to your Production environment as closely as possible.

Step 1: Reset Your Platform to Match Production

To reset your Test environment, ensure that:

Every time you promote an image of your Identity Manager application from the Development environment, you must test your cumulative upgrade procedure. If the upgrade procedure appears to be successful, execute your test plan.

Step 2: Set Up for Functional Testing

To prepare for functional testing, you must create a Test environment that supports controlled testing of your Identity Manager application.

You might want to simulate some aspects of the Production environment, but the primary goal is to verify that the application works as expected. Achieving this goal might require that you to load controlled datasets rather than perfectly realistic ones.

Load test data into your database tables that supports execution of the test cases in your test plan. Ideally, the database tables would also contain data similar to the data in your Production environment.


Task 8: Execute Your Upgrade Procedure

Upgrading a Test environment requires only a subset of the steps you performed when upgrading your Development environment. For example, you do not have to detect changes or update source-control. The updated baseline for your Identity Manager application already contains those changes.

Before upgrading any targeted environments, you must generate an image of your Identity Manager application that is appropriate for that environment. The baseline, and therefore the image, contains

Step 1: Stop Active Sync and Reconciliation

Set any Active Sync processes to start manually and, if applicable, disable any scheduled reconciliations until the upgrade is complete and appears to be successful.

 Best Practice

Step 1 is optional, but performing this step is considered a best practice when upgrading the Production environment.

Also, if you perform Step 1 in your Production environment, make it a standard step when upgrading in all of your other environments.

Step 2: Stop the Identity Manager Application

Quiesce your Identity Manager application and make it unavailable to all administrators and end-users.

Step 3: Back Up Your Identity Manager Application

Make a copy of your existing database and Identity Manager file structure.

Backing up the database and file structure enables you to reinstate your working environment, if necessary.


Note

Always back up the Identity Manager database and file system before applying any Identity Manager patches, service packs, or hotfixes and before going through any major upgrades.


You can use third-party back-up software or a back-up utility supplied with your system to back up the Identity Manager file system. To back up your database, see your database documentation for recommended back-up procedures.

When you are ready to create a backup, you must

  1. Shutdown or idle Identity Manager.
  2. Use your back-up utilities to back up your database and the file system where you installed Identity Manager.

Step 4: Remove Hotfixes

Remove any hotfix class files from your WEB-INF/classes directory.

Hotfix class files generally work only with the specific version of the Identity Manager product for which the hotfix was delivered.

Step 5: Change TaskDefinition Objects

You might find it necessary to upgrade a Production environment that contains executing TaskInstances. Unfortunately, upgrading an Identity Manager TaskDefinition object in the repository can corrupt executing task instances that depend on the TaskDefinition object. This possibility is a particularly important consideration in a Production environment where people are depending on those tasks to complete correctly and to perform their business functions.

Although it is easiest to have users complete their tasks or terminate still-executing tasks prior to upgrade, these options are not always feasible.

If your Production environment might contain executing task instances when you upgrade, be sure your upgrade procedure describes how to address these instances.

 Best Practice

Rename TaskDefinition objects when upgrading in each environment. Use the following process to upgrade TaskDefinition objects in your Production environment:

  1. From the Identity Manager console, rename the current TaskDefinition to include a timestamp.
  2. For example, rename Create User to Create User 20030701.

    You must rename the TaskDefinition object to prevent any problems with existing Create User tasks that might be in a suspended state in Identity Manager. Renaming the TaskDefinition object allows the existing TaskDefinition to keep its unique ID, which is referenced inside suspended tasks.

  3. Load the new TaskDefinition.


Caution

Problems might occur if you change activities or actions.

You may not modify any TaskDefinitions that correspond to live TaskInstances. Identity Manager does not allow you to make these modifications.


Step 6: Update Your Platform

If the target Identity Manager product version requires platform changes, you must make these changes before upgrading the Identity Manager product.

Step 7: Upgrade Your Identity Manager Application

To upgrade your Identity Manager application, you might be required to:

If additional set up is required for your custom integrations in each environment, perform the additional set up as part of this step.

Update Your Database Table Definitions

Verify that your Identity Manager application image includes any SQL scripts needed to update your database table definitions, and that these SQL scripts have been modified to fit your environment.

If your image does not include these SQL scripts, ensure your upgrade procedure specifically describes the modifications required for each environment.

Promote the Identity Manager Application

Promote the Identity Manager application image into your Test environment. Your application image must include the target Identity Manager product version, your updated configuration, and your customizations.

Import a Subset of update.xml

You must import the update.xml file to update the repository objects that are not managed as part of your Identity Manager application baseline.

 Best Practice

Use only one Identity Manager server to import update.xml and have only one Identity Manager server running during the upgrade.

If you start any other Identity Manager servers during the upgrade process, you must stop and restart those servers before making them available again.

Upgrade Your Gateway and Password Sync Components

Upgrade every Sun Identity Manager Gateway or Password Sync installation in your environment.

Step 8: Test Your Identity Manager Application

Restart the application server and test your Identity Manager application at least minimally to verify that the basic functions are working as expected.

You must redeploy your web applications after upgrading Identity Manager because most application servers cache the web.xml file.

For example, if you are using the Sun Java™ System Application Server, you would perform the following steps to redeploy a web application after upgrading Identity Manager.

  1. Log in to the Sun Java System Application Server Administrator interface.
  2. Select Applications > Web Applications from the menu bar.
  3. Locate your web application and click the Redeploy link.
  4. Enable the button next to the Local Packaged File or Directory That is Accessible From the Application Server option.
  5. Click the Browse Folders button and select the top-level folder for your installation. For example
  6. C:\Sun\AppServer\domains\domain1\applications\
    j2ee-modules\idm

  7. Click OK.

Restart the application server.

Step 9: Restart Active Sync and Reconciliation

After successfully completing the upgrade, restore the original settings for any Active Sync processes and for any scheduled reconciliations.

 Best Practice

Step 8 is optional, but performing this step is considered a best practice when upgrading the Production environment.

Also, if you perform Step 8 in your Production environment, make it a standard step when upgrading all of your other environments.

Step 10: Restart the Identity Manager Application

Restart the Identity Manager application to make the application available again to administrators and end-users.


Task 9: Perform Functional Testing

Testing in the Test environment is crucial before you deploy the Development upgrade image into your Production environment.

To test your Test environment after upgrading,

  1. Execute your complete test plan, including any automated tests.
  2. Fix any problems and incorporate the fixes into the source-control baseline in your Development environment.
  3. Repeat the process of resetting your Test environment, upgrading your Test environment, and retesting your Identity Manager application.


Previous      Contents      Index      Next     


Part No: 820-2963-10.   Copyright 2008 Sun Microsystems, Inc. All rights reserved.