Skip Navigation Links | |
Exit Print View | |
Oracle Identity Analytics Installation and Upgrade Guide 11g Release 1 |
1. Oracle Identity Analytics 11gR1 Compatibility Matrix
Part II Installing Oracle Identity Analytics
2. Preparing to Install Oracle Identity Analytics
3. Installing Oracle Identity Analytics
Downloading Third-party Library Files
Provisioning Server Connectivity Files
Installing Oracle Identity Analytics
To Create the Oracle Identity Analytics Folder Structure
Windows: To Create the Oracle Identity Analytics Schema on the Database Server
UNIX: To Create the Oracle Identity Analytics Schema on the Database Server
To Configure Oracle Identity Analytics for Standalone Deployment
To Configure Oracle Identity Analytics for Clustered Deployment
4. Deploying Oracle Identity Analytics
5. Verifying the Oracle Identity Analytics Installation
Part III Upgrading Oracle Identity Analytics
6. Overview of the Upgrade Process
7. Preparing to Upgrade Oracle Identity Analytics
8. Upgrading Oracle Identity Analytics in a Test Environment
9. Upgrading Oracle Identity Analytics in a Production Environment
Follow the procedure in this section to install Oracle Identity Analytics 11gR1.
Before You Begin - Prior to installing Oracle Identity Analytics, verify that the following prerequisites have been met:
You should have installed your database and completed the steps in Preparing Your Database in the Chapter 2, Preparing to Install Oracle Identity Analytics chapter.
If your database is installed on the same machine on which you are installing Oracle Identity Analytics, you should create an environment variable that maps to your database installation directory. For example, if you are using Oracle 10g, create an $ORACLE_HOME environment variable and map it to your Oracle installation directory.
If installing on a UNIX® based system, you should have sufficient privileges to create and modify folders in the /opt directory of the file system.
To execute the database schema on the target database, DBA privileges are required. Use root for MySQL, system for Oracle, sa for MS SQL Server, db2admin for DB2, or an account with equivalent privileges.
At a command prompt, type the following commands to create the necessary folder structure.
Windows:
C:\> mkdir Oracle\OIA_11gR1
UNIX:
$ mkdir -p /opt/Oracle/OIA_11gR1
Unpack the Oracle Identity Analytics installation package.
Windows:
unzip oia_install_package.zip -d OIA_11gR1
UNIX:
unzip oia_install_package.zip -d OIA_11gR1
Verify that the Oracle Identity Analytics folder structure was properly created.
The directory that you installed Oracle Identity Analytics to should consist of the following folders and files.
\| .indexes \| folder \|
|
Note - The sample folder contains import and export folders that show the folder structure recommended for file and ETL imports.
Copy the import and export folders (located in the sample folder) to $RBACX_HOME. The import and export folders should be at the same level as conf, .indexes, and reports.
Before You Begin - Prior to creating the Oracle Identity Analytics schema on the Database Server, review the following:
You should have created the Oracle Identity Analytics folder structure as described in the Installing Oracle Identity Analytics section, earlier in this chapter.
Oracle Identity Analytics utilizes an encrypted password when communicating with the database. To change the default database password, use the RBACx Encrypted Password Change Utility that is available from customer support.
If it is necessary to use a database name other than rbacx and a user name other than rbacxservice, open the schema creation script and replace all instances of the default database name and default user name with the names that you will be using instead.
Go to the section that contains instructions for your database server.
Microsoft SQL Server
If SQL Server is installed locally, you can create the Oracle Identity Analytics schema using either the command prompt or the SQL Server Query Analyzer tool or the Management Studio tool. If SQL Server is not installed locally, use the SQL Server Query Analyzer tool or the Management Studio tool to create the schema.
To create the schema and rbacxservice user from a command prompt, follow these steps:
Navigate to C:\Oracle\OIA_11gR1\db by typing:
C:\> cd Oracle\OIA_11gR1\db
Run the following command(s) to execute the schema creation script:
C:\> sqlcmd -S localhost -i rbacx-version_mssql_schema.sql -U sa -P password
To create the schema using Query Analyzer or Management Studio, follow these steps:
Log in to the database server as sa.
Click the Open Query File menu and locate the rbacx-version\mssql_schema.sql file.
Execute the SQL file.
This will create the rbacx database on the server.
Oracle
You can create the Oracle Identity Analytics schema using either the command prompt or the Oracle iSQL Plus Web Console (available in Oracle 10g Database Server). If the Oracle Database Server is not installed locally, use the iSQL Plus Web Console to create the schema.
To create the schema and rbacxservice user from a command prompt, follow these steps:
Navigate to C:\Oracle\OIA_11gR1\db by typing:
C:\> cd Oracle\OIA_11gR1\db
Run the following command(s) to execute the schema creation script:
C:\> sqlplus / as sysdba @rbacx-version_oracle_schema.sql
To create the schema using the iSQL Plus Web Console, follow these steps:
Open the following URL in a web browser.
The default port for the iSQL Plus Web Console is 5560.
http://hostname:5560/isqlplus
Select Load Script and browse to C:\Oracle\OIA_11gR1\db.
Locate the file rbacx-version_oracle_schema.sql and click Load.
The Oracle Identity Analytics schema creation script is loaded into the workspace window.
Click Execute.
The script is executed and the Oracle Identity Analytics schema is created on the system.
DB2
The following steps assume that the DB2 database server is installed locally. One of the following authorizations is required to create the database:
sysadm
sysctrl
To create the schema from a command prompt, follow these steps:
Create a database named rbacx by executing the following command as a DB2 administrator:
C:\ db2cmd db2 CREATE DATABASE rbacx
Change directories to C:\Oracle\OIA_11gR1\db
C:\> cd C:\Oracle\OIA_11gR1\db
Run the following command(s) to execute the schema creation script:
C:\> db2cmd db2 -tvf rbacx-version_db2_schema.sql
MySQL
The following assumes that the MySQL database server is installed locally.
To create the schema from a command prompt, run the following command(s) to execute the schema creation script:
C:\> mysql --user=account --password=password < rbacx-version_mysql_schema.sql
Note - If you are using MySQL 5.0, the lower_case_table_names variable needs to be changed from its default value. Make the following change to lower_case_table_names in the MySQL configuration file.
lower_case_table_names=1
Before You Begin - Prior to creating the Oracle Identity Analytics schema on the Database Server, review the following:
You should have created the Oracle Identity Analytics folder structure as described in the Installing Oracle Identity Analytics section, earlier in this chapter.
Oracle Identity Analytics utilizes an encrypted password when communicating with the database. To change the default database password, use the RBACx Encrypted Password Change Utility that is available from customer support.
If it is necessary to use a database name other than rbacx and a user name other than rbacxservice, open the schema creation script and replace all instances of the default database name and default user name with the names that you will be using instead.
Oracle
You can create the Oracle Identity Analytics schema using either the command prompt or the Oracle iSQL Plus Web Console (available in Oracle 10g Database Server). If the Oracle Database Server is not installed locally under the /opt directory, use the iSQL Plus Web Console to create the schema.
To create the schema and rbacxservice user from a command prompt, follow these steps:
Type:
$ su - oracle
$ export ORACLE_HOME=/opt/oracle/product/10.2.0
$ cd /opt/Oracle/OIA_11gR1/db
Run the following command(s) to execute the schema creation script:
$ sqlplus / as sysdba @rbacx-version_oracle_schema.sql
To create the schema using the iSQL Plus Web Console, follow these steps:
Open the following URL in a web browser.
The default port for the iSQL Plus Web Console is 5560.
http://hostname:5560/isqlplus
Select Load Script and browse to /opt/Sun/RM_5.0/db.
Locate the file rbacx-version_oracle_schema.sql and click Load.
The Oracle Identity Analytics schema creation script is loaded into the workspace window.
Click Execute.
The script is executed and the Oracle Identity Analytics schema is created on the system.
DB2
The following steps assume that the DB2 database server is installed locally and that you are logged in as the rbacxservice user. One of the following authorizations is required to create the database:
sysadm
sysctrl
To create the schema using a terminal session, follow these steps:
Create a database named rbacx by executing the following command as a DB2 administrator:
# db2 CREATE DATABASE rbacx
Change directories to /opt/Oracle/OIA_11gR1/db
# cd /opt/Oracle/OIA_11gR1/db
Run the following command(s) to execute the schema creation script:
# db2 -tvf rbacx-version_db2_schema.sql
MySQL
The following assumes that the MySQL database server is installed locally.
To create the schema from a terminal session, run the following command(s) to execute the schema creation script:
$ mysql --user=account --password=password < rbacx-version_mysql_schema.sql
Note - If you are using MySQL 5.0, the lower_case_table_names variable needs to be changed from its default value. Make the following change to the lower_case_table_names variable in the MySQL configuration file.
lower_case_table_names=1
Follow these steps to build a custom .war file for your environment.
Before You Begin -
Complete the steps in Installing Oracle Identity Analytics.
An installed JDK is required (Version 1.5, at minimum).
You should have downloaded the JDBC connectivity JAR file for your database. See Downloading and Installing JDBC Drivers in the Preparing to Install Oracle Identity Analytics chapter for more information.
You should have created the Oracle Identity Analytics schema on the database server (To Create the Oracle Identity Analytics Folder Structure and Windows: To Create the Oracle Identity Analytics Schema on the Database Server).
Create a backup copy of the original rbacx.war file.
Windows:
C:\> cd C:\Oracle\OIA_11gR1
C:\> mkdir rbacx_original
C:\> copy rbacx.war rbacx_original
A copy of the rbacx.war file is created under C:\Sun\RM_5.0\rbacx_original
UNIX:
$ cd /opt/Oracle/OIA_11gR1
$ mkdir rbacx_original
$ cp rbacx.war rbacx_original/.
A copy of the rbacx.war file is created under /opt/Sun/RM_5.0/rbacx_original
Create an rbacx_staging folder under $RBACX_HOME
Windows:
C:> mkdir rbacx_staging
C:> cd rbacx_staging
UNIX:
$ mkdir rbacx_staging
$ cd rbacx_staging
Extract rbacx.war to rbacx_staging so that configuration changes can be made.
Windows:
C:> jar -xvf ../rbacx.war
UNIX:
$ jar -xvf ../rbacx.war
Navigate to rbacx_staging/WEB-INF
Windows:
C:> cd WEB-INF
UNIX:
$ cd WEB-INF
Update the log4j.properties file with the correct path for your environment.
Note - If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.
In a text editor, open the log4j.properties file located in the WEB-INF folder.
Locate the following line under # File Appender
log4j.appender.file.file=logs/rbacx.log
Replace logs/rbacx.log with the full path to where the log file should be written.
For example, the line should look like this:
Windows:
log4j.appender.file.file=C:/Sun/RM_5.0/logs/rbacx.log
UNIX:
log4j.appender.file.file=/opt/Sun/RM_5.0/logs/rbacx.log
Copy the downloaded third-party library files to the Oracle Identity Analytics library under the WEB-INF/lib directory
Windows
copy %RM_LIB%
* WEB-INF\lib
UNIX
cp $RM_LIB/* WEB-INF/lib
Make the following changes if there are multiple instances of Oracle Identity Analytics, standalone or clustered, on the same subnet.
Navigate to rbacx_staging/WEB-INF directory.
In a text editor, open application-context.xml, find bean id commManager, and examine the constructor-arg value.
Set the constructor-arg value with a unique instance name, for example value="SRM-Instance-1".
In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.
The deployment is a standalone, constructor-arg defaults to a value of 0, which is specified as value="0".
Navigate to rbacx_staging/WEB-INF/classes directory and do the following:
In a text editor, open oscache.properties (located in the rbacx_staging/WEB-INF/classes directory), and find the cache.cluster.multicast.ip property.
Uncomment cache.cluster.multicast.ip by removing the # at the start of the line. Each Oracle Identity Analytics instance requires a unique cache.cluster.multicast.ip value.
Run the following commands from the rbacx_staging folder to repack the newly modified rbacx.war file.
The expanded folder structure is repackaged to a .war file, which is required for deployment on the application server.
Windows:
C:\> cd C:\OracleOIA_11gR1\rbacx_staging
C:\> jar -cvfM ../rbacx.war .
The new rbacx.war file is located in C:\Sun\RM_5.0.
UNIX:
$ cd /opt/Oracle/OIA_11gR1/rbacx_staging
$ jar -cvfM ../rbacx.war .
The new rbacx.war file is located in /opt/Sun/RM_5.0.
Delete the rbacx_staging folder.
Windows:
C:\> rmdir /s rbacx_staging
UNIX:
$ /usr/bin/rm -r rbacx_staging
Copy the jdbc.properties file for your database to the Oracle Identity Analytics conf directory, located as follows.
Windows:
C:\>Oracle\OIA_11gR1\conf
UNIX:
/opt/ Oracle/OIA_11gR1/conf
For example, to establish connectivity with MySQL, copy jdbc.properties from the mysql directory to the conf directory.
In a text editor, open the jdbc.properties file and edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database.
Oracle
# JDBC driver URL
jdbc.url=jdbc:oracle:thin:@$SERVER_NAME:$PORT_NUMBER:rbacx
The default port number for JDBC connectivity on the Oracle server is 1521 and it is assumed that the default SID is rbacx.
MS SQL Server
# JDBC driver URL
jdbc.url=jdbc:jtds:sqlserver://$SERVER_NAME:$PORT_NUMBER/rbacx; tds=8.0;lastupdatecount=true
The default port number for JDBC connectivity on MS SQL Server is 1433.
DB2
# JDBC driver URL
jdbc.url=jdbc:db2://$SERVER_NAME:$PORT_NUMBER/rbacx
The default port number for JDBC connectivity on DB2 is 50000.
MySQL
# JDBC driver URL
jdbc.url=jdbc:mysql://$SERVER_NAME:$PORT_NUMBER/rbacx
The default port number for JDBC connectivity on MySQL Server is 3306.
Do the following:
Go to the following location and open iam.properties in a text editor.
Windows:
C:\>Oracle\OIA_11gR1\conf
UNIX:
/opt/Oracle/OIA_11gR1/conf
Edit the following lines, replacing $RBACX_HOME with the path to the directory where Oracle Identity Analytics is installed:
com.vaau.rbacx.iam.file.import.completeLocation=$RBACX_HOME/import/complete com.vaau.rbacx.iam.file.import.schemaLocation=$RBACX_HOME/import/schema com.vaau.rbacx.iam.file.import.dropLocation=$RBACX_HOME/import/in com.vaau.rbacx.etl.import.dropLocation=$RBACX_HOME/import/etl/in com.vaau.rbacx.etl.import.graphsLocation=$RBACX_HOME/import/etl/graphs com.vaau.rbacx.etl.import.completeLocation=$RBACX_HOME/import/etl/complete com.vaau.rbacx.etl.import.outputLocation=$RBACX_HOME/import/in com.vaau.rbacx.iam.file.export.dropLocation=$RBACX_HOME/export/etl/in com.vaau.rbacx.iam.file.export.schemaLocation=$RBACX_HOME/export/schema com.vaau.rbacx.etl.export.dropLocation=$RBACX_HOME/export/etl/in com.vaau.rbacx.etl.export.graphsLocation=$RBACX_HOME/export/etl/graphs com.vaau.rbacx.etl.export.completeLocation=$RBACX_HOME/export/etl/complete com.vaau.rbacx.etl.export.outputLocation=$RBACX_HOME/export/out
Follow these steps to build a custom .war file for your environment.
Before You Begin -
Complete the steps in Installing Oracle Identity Analytics.
An installed JDK is required (Version 1.5, at minimum).
You should have downloaded the JDBC connectivity JAR file for your database. See Downloading and Installing JDBC Drivers in the Preparing to Install Oracle Identity Analytics chapter for more information.
You should have created the Oracle Identity Analytics schema on the database server (To Create the Oracle Identity Analytics Folder Structure and Windows: To Create the Oracle Identity Analytics Schema on the Database Server).
Create a backup copy of the original rbacx.war file.
Windows:
C:\> cd C:\{}{}Oracle{}\{}{}OIA_11gR1
C:\> mkdir rbacx_original
C:\> copy rbacx.war rbacx_original
A copy of the rbacx.war file is created under C:\Sun\RM_5.0\rbacx_original
UNIX:
$ cd /opt/ {}Oracle{}/ {}OIA_11gR1
$ mkdir rbacx_original
$ cp rbacx.war rbacx_original/.
A copy of the rbacx.war file is created under /opt/Sun/RM_5.0/rbacx_original
Create an rbacx_staging folder under $RBACX_HOME
Windows:
C:> mkdir rbacx_staging
C:> cd rbacx_staging
UNIX:
$ mkdir rbacx_staging
$ cd rbacx_staging
Extract rbacx.war to rbacx_staging so that configuration changes can be made.
Windows:
C:> jar -xvf ../rbacx.war
UNIX:
$ jar -xvf ../rbacx.war
Navigate to rbacx_staging/WEB-INF
Windows:
C:> cd WEB-INF
UNIX:
$ cd WEB-INF
Update the log4j.properties file with the correct path for your environment.
Note - If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.
In a text editor, open the log4j.properties file located in the WEB-INF folder.
Locate the following line under # File Appender
log4j.appender.file.file=logs/rbacx.log
Replace logs/rbacx.log with the full path to where the log file should be written.
For example, the line should look like this:
Windows:
log4j.appender.file.file=C:/Sun/RM_5.0/logs/rbacx.log
UNIX:
log4j.appender.file.file=/opt/Sun/RM_5.0/logs/rbacx.log
Copy the downloaded third-party library files to the Oracle Identity Analytics library under the WEB-INF/lib directory
Windows
copy %RM_LIB%
* WEB-INF\lib
UNIX
cp $RM_LIB/* WEB-INF/lib
Make the following changes to enable Oracle Identity Analytics 11gR1 support for clustered application server deployments.
Navigate to the rbacx_staging/WEB-INF directory.
In a text editor, open application-context.xml, find bean IDcommManager, and examine the constructor-arg value.
Set the constructor-arg value as the cluster name—for example, value="Prod-1-Cluster".
If Oracle Identity Analytics is deployed on multiple clusters within the same subnet, you should define unique constructor-arg values for each deployment. For example, if both clusters Prod-Cluster and QA-Cluster have Oracle Identity Analytics deployed, the constructor-arg values of each should be set to Prod-Cluster and QA-Cluster respectively.
Members of the same cluster should have the same constructor-arg value.
In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.
If the deployment is a clustered deployment, constructor-arg defaults to a value of 1 or 2 depending on the location of the .indexes directory.
To set the constructor-arg value, do the following:
If each clustered node will be accessing local individual .indexes directories, set constructor-arg to 1. For example, value="1"
If clustered nodes will be accessing a shared .indexes directory, set constructor-arg to 2. For example, value="2". The .indexes directory needs to be located on an NFS share location where each clustered node has read-write permission. Edit indexLocation such that the NFS share location replaces $RBACX_HOME in the value field.
If multiple instances of Oracle Identity Analytics standalone or clustered exist on the same subnet, navigate to the rbacx_staging/WEB-INF/classes directory and do the following:
In a text editor, open oscache.properties (located in the rbacx_staging/WEB-INF/classes directory), and find the cache.cluster.multicast.ip property.
Uncomment cache.cluster.multicast.ip by removing the # at the start of the line. Each non-member instance requires a unique cache.cluster.multicast.ip value.
Run the following commands from the rbacx_staging folder to repack the newly modified rbacx.war file.
The expanded folder structure is repackaged to a .war file, which is required for deployment on the application server.
Windows:
C:\> cd C:\Oracle\OIA_11gR1\rbacx_staging
C:\> jar -cvfM ../rbacx.war .
The new rbacx.war file is located in C:\Sun\RM_5.0.
UNIX:
$ cd /opt/Oracle/OIA_11gR1/rbacx_staging
$ jar -cvfM ../rbacx.war .
The new rbacx.war file is located in /opt/Sun/RM_5.0.
Delete the rbacx_staging folder.
Windows:
C:\> rmdir /s rbacx_staging
UNIX:
$ /usr/bin/rm -r rbacx_staging
Copy the jdbc.properties file for your database to the Oracle Identity Analytics conf directory, located as follows.
Windows:
C:\> Oracle\OIA_11gR1\conf
UNIX:
/opt/Oracle/OIA_11gR1/conf
For example, to establish connectivity with MySQL, copy jdbc.properties from the mysql directory to the conf directory.
In a text editor, open the jdbc.properties file and edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database.
Oracle
# JDBC driver URL
jdbc.url=jdbc:oracle:thin:@$SERVER_NAME:$PORT_NUMBER:rbacx
The default port number for JDBC connectivity on the Oracle server is 1521 and it is assumed that the default SID is rbacx.
MS SQL Server
# JDBC driver URL
jdbc.url=jdbc:jtds:sqlserver://$SERVER_NAME:$PORT_NUMBER/rbacx; tds=8.0;lastupdatecount=true
The default port number for JDBC connectivity on MS SQL Server is 1433.
DB2
# JDBC driver URL
jdbc.url=jdbc:db2://$SERVER_NAME:$PORT_NUMBER/rbacx
The default port number for JDBC connectivity on DB2 is 50000.
MySQL
# JDBC driver URL
jdbc.url=jdbc:mysql://$SERVER_NAME:$PORT_NUMBER/rbacx
The default port number for JDBC connectivity on MySQL Server is 3306.
Make the following change to jdbc.properties for clustered Quartz support, and save the file:
jdbc.quartz.isClustered=true
Do the following:
Go to the following location and open iam.properties in a text editor.
Windows:
C:\>Oracle\OIA_11gR1\conf
UNIX:
/opt/Oracle/OIA_11gR1/conf
Edit the following lines, replacing $RBACX_HOME with the path to the directory where Oracle Identity Analytics is installed:
com.vaau.rbacx.iam.file.import.completeLocation=$RBACX_HOME/import/complete com.vaau.rbacx.iam.file.import.schemaLocation=$RBACX_HOME/import/schema com.vaau.rbacx.iam.file.import.dropLocation=$RBACX_HOME/import/in com.vaau.rbacx.etl.import.dropLocation=$RBACX_HOME/import/etl/in com.vaau.rbacx.etl.import.graphsLocation=$RBACX_HOME/import/etl/graphs com.vaau.rbacx.etl.import.completeLocation=$RBACX_HOME/import/etl/complete com.vaau.rbacx.etl.import.outputLocation=$RBACX_HOME/import/in com.vaau.rbacx.iam.file.export.dropLocation=$RBACX_HOME/export/etl/in com.vaau.rbacx.iam.file.export.schemaLocation=$RBACX_HOME/export/schema com.vaau.rbacx.etl.export.dropLocation=$RBACX_HOME/export/etl/in com.vaau.rbacx.etl.export.graphsLocation=$RBACX_HOME/export/etl/graphs com.vaau.rbacx.etl.export.completeLocation=$RBACX_HOME/export/etl/complete com.vaau.rbacx.etl.export.outputLocation=$RBACX_HOME/export/out
Note - When the application server is clustered, the nodes can maintain localized import/export directories, or utilize import/export directories on a NFS share. If the nodes use a shared NFS location for import/export, substitute $RBACX_HOME with the path to the NFS share.