C Upgrade Process and Utilities

This chapter provides information about the utilities that are called into operation during the upgrade process.

Topics in this chapter include:

• About Upgrade Events

• MigrateOAM Script for Zero Downtime Upgrades

• Primary Utility: obmigratenp

• File Upgrade: obmigratefiles

• Message and Parameter Upgrade: obmigrateparamsg

• Schema Upgrade: obmigrateds

• Data Upgrade: obmigratedata

• Web Server Upgrade: obmigratews

• Component-Specific Upgrades

Note:

Running the tools manually is not recommended. Oracle strongly recommends that you perform a in-place upgrade as described in Part II and Part III or that you perform a zero downtime upgrade as described in Part VI.

C.1 About Upgrade Events

When you upgrade each component, the newest product release is installed over an earlier product release in the same location. This discussion introduces the program-driven processes that occur during component upgrades.

There will be a few differences when you perform an in-place upgrade versus an out-of-place zero downtime upgrade:

• In-place upgrades are initiated using the corresponding Oracle Access Manager 10g (10.1.4.0.1) installer. The arguments needed by the underlying utilities are gathered by the installer. During each component upgrade, the program controls the sequence of events and messages automatically. The process requires very little input from you.

• Out-of-place zero downtime upgrades are initiated using the 10.1.4.2.0 MigrateOAM script from a command-line. In this case, you must manually enter the mode for the operation, and other arguments and parameters, which are then passed to the underlying utilities.

In-place Upgrades: You initiate a component upgrade using the corresponding Oracle Access Manager 10g (10.1.4.0.1) installer. During each component upgrade, the program controls the sequence of events and messages automatically. The component upgrade process requires very little input from you.

After you start an upgrade and specify the same (target) installation directory where the earlier (source) component resides, you are asked if you want to upgrade the earlier version of the component.

If directory names include spaces, a program might not be invoked properly unless you include quotation marks around each path name in any command you use. For example:

obmigratenp.exe -c ois -f 650 -t 700 -s
     "C:\Program Files\NetPoint\identity_20060519_134931"
     -d "C:\Program Files\NetPoint\identity"
     -i "C:\Program Files\NetPoint\identity"

WARNING:

If your directory names include spaces, be sure to include quotation marks around each path name in any command you use.

All Upgrades: Figure C-1 and the process overview that follows it describe a typical component upgrade, which is driven by each program (and the utilities that are called automatically during the process):

• An in-place upgrade is depicted. After you start the installation program for the component, you see a Welcome message and you are asked to provide specific input (such as an installation path name). As automated processing continues, you are asked to accept an operational method (Automatic versus Confirmed), or simply acknowledge that you are ready to continue.

• During a zero downtime upgrade, you manually enter a command line that includes arguments and specifications for the MigrateOAM script. The MigrateOAM script passes the arguments and specifications to other utilities that participate or control the upgrade. Starting with process 3 in Figure C-1, internal processing is similar whether you perform an in-place upgrade or a zero downtime upgrade. For more information about the zero downtime upgrade script and modes, see Chapter 15.

Figure C-1 Program-Driven Events During an In-place Upgrade

Description of "Figure C-1 Program-Driven Events During an In-place Upgrade"

Process overview: When an earlier source is detected and you choose to upgrade

1. The source directory is renamed with a time stamp.

2. The target directory is created and 10g (10.1.4.0.1) files are extracted into it. The latest release must be extracted to the original target path, and languages for the previous installation are detected.

   The English language is upgraded automatically. If 10g (10.1.4.0.1) Language Packs are available in the source directory you can upgrade earlier languages and add new languages.

   Note:

   If you upgrade a multi-language implementation without 10g (10.1.4.0.1) Language Packs, you will lose the multi-language functionality.For more information about multi-language implementations, see Chapter 4, "System Behavior and Backward Compatibility".

3. The obmigratenp utility is called (which determines the release you are migrating from as well as the release you are migrating to) and it internally detects which features need to be upgraded for this particular component and which other utilities to use for those upgrades.

   When your installation includes multiple languages, obmigratenp:

   1. Migrates message catalogs in the default language.

   2. Migrates message catalogs in other selected languages when you have 10g (10.1.4.0.1) Language Packs in the component source directory.

   3. Invokes general upgrades, as discussed in "Primary Utility: obmigratenp".

      Note:

      For details about each utility and the log file generated by each utility, see later discussions in this appendix.

4. The obmigratefiles utility is called to upgrade program and library files.

   1. Required files are extracted to the target directory.

   2. Required configuration and SSL-related files are copied from the renamed source directory to the target directory, and 10g (10.1.4.0.1) is installed.

   For more information, see "File Upgrade: obmigratefiles".

5. The obmigrateparamsg utility is called to upgrade message and parameter catalog files.

   1. Required (.xml and .lst) files are identified in renamed source area.

   2. Files are modified for the latest release and written to the target directory. With 10g (10.1.4.0.1), .LST files are converted to .XML files and customizations made to the originals are retained in the upgraded files.

   For more information, see "Message and Parameter Upgrade: obmigrateparamsg".

6. Schema and Data Upgrades Only: Two utilities (obmigrateds and obmigratedata) are called automatically to initiate Oracle Access Manager schema and data upgrades.

   Zero Downtime Upgrades: The schema and data are upgraded independently. For more information, see "Schema and Data Upgrades with the Zero Downtime Upgrade Method".

   In-Place Upgrades: The schema and data are upgraded together with the master Identity Server (and master Policy Manager when your installation includes the Access System). During subsequent Identity Server (and Policy Manager) upgrades, the initial schema and data upgrade is detected and this portion of the process is skipped. Oracle recommends that you upgrade the Oracle Access Manager schema and data automatically, as described in Part II, "Upgrading the Schema and Data". These upgrades use LDIF files that are specific to your directory server. Each LDIF file includes only changes from one release of Oracle Access Manager to the next. As a result, the schema and data upgrade will repeat one time for each release from your starting release to 10g (10.1.4.0.1). For example, if you are upgrading from release 6.1.1, the schema and data upgrade occurs as follows:

   • From release 6.1.1. to release 6.5

   • From release 6.5 to release 7.0

   • From release 7.0 to 10g (10.1.4.0.1)

7. The obmigratews utility is called to perform a selective Web server configuration file and filter upgrade, if needed, to accommodate changes for newer versions of Policy Manager, WebPass, and WebGate.

   Changes are added to the Web server configuration file.

   For more information, see "Web Server Upgrade: obmigratews".

8. A component-specific utility is used to make changes to related registry entries for Windows, plug-ins, and other files.

   For example:

   1. Identity Server: obMigrateNetPointOis upgrades existing registry entry for the Identity Server to reflect the newer release; modifies PPP catalog if needed; modifies password from password.xml and .lst, if needed; re-creates proper uninstall_info.txt. For details, see "Identity Server: obMigrateNetPointOis".

      Note:

      The password written in the Oracle Access Manager 5.2, password.xml and password.lst files is not encrypted; however, later versions encrypt this. Encryption occurs automatically during an upgrade.

   2. WebPass: obMigrateNetPointWP upgrades existing registry entry for the WebPass to reflect the newer release; modifies password from password.xml and password.lst, if needed. For details, see "WebPass: obMigrateNetPointWP"

   3. Policy Manager: obMigrateNetPointAM upgrades registry entry for Policy Manager; modifies password encryption from password.lst, if needed; copies your custom plug-ins to the target installation directory from your renamed source directory. For details, see "Policy Manager: obMigrateNetPointAM".

   4. Access Server: obMigrateNetPointAAA upgrades registry entry for Access Server; modifies password encryption, if needed; copies your custom plug-ins from your renamed source directory to the target installation directory; upgrades the following failover files:

      AppDB.lst—converted to .xml

      ConfigDB.lst—converted to .xml

      Group.lst—if present, converted to .xml

      UserDB.lst—if present, converted to .xml

      WebResrcDB.lst—converted to .xml

      For more information, see "Upgraded Items".

   5. WebGate: obMigrateNetPointWG upgrades registry entry for the WebGate; modifies password encryption, if needed. For details, see "WebGate: obMigrateNetPointWG".

   6. SDK: obMigrateNetPointASDK is called by obmigratenp to accomplish an Access Manager SDK upgrade.

      The SDK upgrade will be invoked automatically as the last step when upgrading components bundled with SDK (Identity Server and the Oracle Access Manager Connector for WebSphere).

      Note:

      If you decline the automatic SDK upgrade, current SDK configuration settings are not preserved and you must reconfigure SDK using the configureAccessGate tool, as described in the Oracle Access Manager Access Administration Guide

   For details, see "Software Developer Kit (SDK): obMigrateNetPointASDK".

9. Finish as you would any installation.

   For details about what must be handled manually, see "Items that You Must Manually Upgrade".

   Note:

   Upgrades occur incrementally. This means that the sequence of earlier processes begins and the earlier release is upgraded to the next-major release. Following the component-specific upgrade, the process might repeat automatically until all changes between your original release and the latest release are completed.

   If you cancel an upgrade after being informed that the component has been installed, you need to complete the following steps to restore your Oracle Access Manager configuration to the original state.

C.2 MigrateOAM Script for Zero Downtime Upgrades

When you perform a zero downtime upgrade, you must use the MigrateOAM script that is available with Oracle Access Manager Release 10g (10.1.4.2.0). For details about the MigrateOAM script and processing, see "Zero Downtime Upgrade Tools and Processes".

C.3 Primary Utility: obmigratenp

Using the in-place ugprade method, the main utility driving a component upgrade is obmigratenp. If you are using the zero downtime upgrde method, the MigrateOAM script drives the process. The obmigrate utility orchestrates the upgrade process for a component from a given major release X to a given major release Y, as described in Table C-1.

Table C-1 The Upgrade Driver obmigratenp

Description	Function
obmigratenp.exe	Decides and executes any intermediate incremental steps needed to reach a given target release for the component. Invokes other utilities to carry out functions to upgrade the specific component from major release X to major release Y
Path	Component_install_dir\identity|access\oblix\tools\migration_tools\obmigratenp
Command Line	Run obmigratenp.exe without any parameters. This command prints usage along with the meaning of all input parameters.
Other Files Used	Invokes Language Pack extraction to upgrade the default language, determine which additional languages to upgrade and which will not be upgraded. Reads the message catalog, to print messages to the console or while writing to a log file: _install_dir\identity|access\oblix\tools\migration_tools\obmigratenpmsg.xml Reads the parameter file, which includes a section for every component and every x to y upgrade: _install_dir\identity|access\oblix\tools\migration_tools\obmigratenpparams You can specify whether you want to have a certain type of upgrade for that component by setting flags to "true" or "false" to invoke or skip that function, respectively. When a flag is absent in this file, its value is presumed to be false. Flags include: kMigrateWS decides whether obmigratews.exe is executed. kMigrateData and kMigrateSchema determines if obmigrateds.exe. Setting either value to true invokes obmigrateds.exe. kMigrateASDK decides whether re-invocation of obmigratenp.exe is called for the Access Manager SDK upgrade.
Output	This utility drives the overall upgrade process by invoking various utilities and generating the log files described next.
Log File	Generates the log file: install_dir\identity|access\oblix\tools\migration_tools\obmigratenp.log, which typically contains: Component name, source, and target directory Command line used to invoke each upgrade utility Return status of each upgrade utility Other error and informative messages

C.4 File Upgrade: obmigratefiles

obmigratefiles is called by the obmigratenp multiple times to carry out file and folder related upgrades.

File upgrades involve copying required files from the renamed source directory to the target installation directory. The obmigratenp tool calls the obmigratefiles tool, which works on a given map file that specifies:

• The files to be copied

• From which source

• To which target

For more information, see the next process overview.

Process overview: obmigratenp calls obmigratefiles

1. obmigratefiles creates a folder of original files in the source directory in the two following circumstances, because the release 5.2.0 installer (and the 6.0.0 installer on Solaris) does not create a folder of original files:

   • When you are upgrading from Oracle Access Manager 5.2.0

   • When you are upgrading on Solaris from release 6.0.0

   The map file that is used is component_Version_orig_files.lst. For example:

   ois_520_orig_files.lst
   

   or

   ois_600_orig_files.lst
   

   This folder is further used for the message and parameter upgrade.

2. obmigratefiles creates a folder of original files for the current release in the current installation directory using the map file

   component_Version_orig_files.lst.

   For example:

   ois_600_orig_files.lst
   

   The next time an upgrade occurs from this release to a newer release, the folder of original files for this release will be available to use during the message and parameter upgrade.

3. obmigratefiles copies config files, SSL setup-related files, and the like from the renamed source directory to the target installation directory.

   In this case, obmigratefiles works on a given component_base_files. For example:

   ois_base_files.lst
        am_base_files.lst
   

   and so on

   Base files contain the list of configuration files required for the upgrade. Typically, configuration files do not change. Files and directories in the base file are copied during the upgrade, including failover-related files. Any file and directory clean up occurs as needed. For example, if a particular Oracle Access Manager release deletes a file or introduces additional files, these will be treated appropriately. Suppose a file added in Oracle Access Manager 6.0 is not required in 6.5. In this case, the file will be deleted from the later installation.

   1. Upgrade all files listed in the base file.

   2. For all source versions from the base file release to the current source release, upgrade files listed in component_source-version_files.lst files.

   For example, consider upgrading from Oracle Access Manager 5.2. release-specific files exist for Oracle Access Manager 6.0, 6.5, and 7.0. In this case, step 2 copies files listed in ois_610_files.lst, ois_650_files.lst, and ois_700_files.lst. However, when upgrading from Oracle Access Manager 7.0 to 10g (10.1.4.0.1), the current source release is the base file release, therefore step 2 doesn't occur.

   Note:

   In case a deleted file exists in the base file, the deleted file will be removed from the base file list itself. Even if it existed in the earlier Oracle Access Manager release, it is no longer needed in the later release.

Additionally, release-specific files contain changes specific to only a particular component_source-version_files.lst; information that needs to be copied if you are upgrading from that release and there are some deviations. For example, suppose a file is added in Oracle Access Manager 6.0 and 6.5. In this case, you need files for:

ois_600_files.lst
     ois_650_files.lst
     ois_700_files.lst

Note:

If Oracle Access Manager release 6.1 did not require any changes, ois_610_files.lst is not required.

Table C-2 provides more information

Table C-2 File Upgrades with obmigratefiles

Description	Function
obmigratefiles.exe	Reads a given file for a specific component. Copies files from the source directory to the target directory according to the list specified in the file. Processes release-specific files as needed.
Path	Component_install_dir\identity|access\oblix\tools\migration_tools\obmigratefiles
Command Line	Run obmigratefiles.exe without any parameters. This command prints usage along with the meaning of all input parameters. Options include: -m Specifies name of map file to use -s [source_dir] Specifies the source directory. -d [target_dir] Specifies the target directory. -i Specifies the install directory. -l Specifies the language for Message migration. -p Specifies the flag for Language Packs.
Other Files Used	To print messages to the console or while writing to a log file, reads the message catalog: _install_dir\identity|access\oblix\tools\migration_tools\obmigratefilesmsg.xml
Output	This utility copies files based on input parameters.
Log File	Generates the log file: install_dir\identity|access\oblix\tools\migration_tools\obmigratefiles.log, which typically contains: Parameters passed to this utility. Status of every copy-instruction mentioned in used map file. Error messages, if any

C.5 Message and Parameter Upgrade: obmigrateparamsg

The obmigratenp utility calls the obmigrateparamsg utility with the required file for a specific component.

The Message Upgrade Process: Allows you to upgrade earlier messages with new messages and add new messages for the later release. A customized message will be retained. However, if the number of parameters in the message has changed, only the new message is retained. For example:

Original Message—"Cannot copy file %1"

Customized Message—"Failed copy operation for file %1"

New Message—"Cannot copy file %1 from %2 to %3"

Note:

In the examples shown here, the new message is retained.

The Parameter Upgrade Process: Parameter upgrades occur in parameter files. When you have modified parameters in your earlier release of Oracle Access Manager and the new release has modified the same parameter, the obmigrateparamsg utility overwrites the earlier changes. See the log file for changes.

Earlier Oracle Access Manager Versions: Include files named as component_Fromrelease_to_Torelease_msg|param.lst in the directory component_install_dir\identity|access\oblix\tools\migration_tools. For example:

ois_520_to_600_msg.lst
     ois_520_to_600_param.lst

Use of obmigrateparamsg was an iterative process with upgrades occurring for each incremental release.

Note:

As mentioned previously, earlier during the upgrade from release 7.0 to 10g (10.1.4.0.1), .LST files are converted to .XML files and stored in the target directory. Customizations made in earlier .LST catalogs are preserved and appear in the .XML version of the file. No separate manual step is required to preserve customizations.

Oracle Access Manager 10g (10.1.4.0.1): The migration of parameter and message catalogs is performed in a single process. 10g (10.1.4.0.1) includes files named component_release_param_files.lst and component_release_msg_files.lst. For example:

am_700_param_files.lst
     am_700_msg_files.lst

Optional hidden parameters from the earlier release are copied into the target. Hidden parameters are those which Oracle Access Manager supports and which you might want to add.

With Oracle Access Manager 10g (10.1.4.0.1), a path within the _param|msg_files.lst file includes a language ID to handle the multi-language feature available as of Oracle Access Manager 6.5. This looks like the example here:

file:/oblix/lang/%lang%/frontpagemsg.xml

When you specify the -p option, the obmigrateparamsg tool upgrades only message catalogs of the specified languages. The installer detects the language/ language of earlier release according to the following decision and pass it to obmigratenp:

• For 5.2, 6.0 & 6.1–Look into globalparams.xml file for the language tag. For example, language:En_US.

• For 6.5 and Later–Look in obnls.xml for the list of languages.

Table C-3 provides additional information about obmigrateparamsg.

Table C-3 Message and Parameter Upgrades with obmigrateparamsg

Description	Function
obmigrateparamsg.exe	Reads a given file for a specific component. Processes given message/parameter files in the .xml file. For every message/parameter file, obmigrateparamsg: Reads the old release message/parameter file from the renamed source directory. Modifies the message/parameter file as needed. Writes the modified file to the target directory where the new installer has extracted files.
Path	Component_install_dir\identity|access\oblix\tools\migration_tools\obmigrateparamsg
Command Line	Run obmigrateparamsg.exe with the following parameters: obmigratparamsg -s source_dir -d target_install_dir -f component_oldversion_param_files.lst -t component_newversion_param_files.lst -l <langids> [-p] Where -s source_dir identifies the installation directory of the earlier Oracle Access Manager release. -d target_install_dir identifies installation directory of latest release of Oracle Access Manager. Note: This command is executed twice, first for the message catalogs (with the -l option), then for the parameter catalogs (without the -l option). The target_install_dir can be on a different computer from source_dir. -f component_oldversion_param_files.lst -t component_newversion_param_files.lst -l <language> (-l is to be specified only for message migration) [-p] Signifies the message catalog upgrade is to happen only for files under the /lang/langTag folder. To facilitate the migration of only message catalogs of the specified languages, this is used by Language Pack installers.
Other Files Used	To print messages to the console or while writing to a log file, reads the message catalog: install_dir\identity|access\oblix\tools\migration_tools\obmigrateparamsgmsg.lst
Output	This utility upgrades message/parameter files. The log contains all parameters forcefully overwritten/retained.
Log File	Generates the log file: install_dir\identity|access\oblix\tools\migration_tools\obmigrateparamsg.log, which typically contains: Parameters passed to this utility Name of every parameter/message file mentioned in input file and actions taken on this file. For example, replaced the existing parameter/message value with new value, added/deleted parameter/message, and so on. Error messages, if any. Note: When you modify a parameter/message in the earlier release and the current release includes a new parameter/message, you might want to look at these values because obmigrateparamsg has made decisions that you should be aware of.

As discussed in "Mime_types -related Customizations Not Retained", when upgrading from Oracle Access Manager 6.0, multiple entries with the same ParamName in mime_types (.xml and .lst) files are not upgraded:

IdentityServer_install_dir/identity/oblix/apps/admin/bin/mime_types.xml
IdentityServer_install_dir/identity/oblix/apps/admin/bin/mime_types.lst

WebPass_install_dir/identity/oblix/apps/admin/bin/mime_types.xml
WebPass_install_dir/identity/oblix/apps/admin/bin/mime_types.lst

Note:

Both versions of the file are needed. You can remove MIME types that are no longer needed or add new MIME types to be associated with the particular attribute for further use. Simply edit the mime_types.lst and .xml files for the Identity Server, then copy these into the WebPass_install_dir to replace the earlier version.

C.6 Schema Upgrade: obmigrateds

Typically, the Oracle Access Manager schema is enhanced for each major Oracle Access Manager release. For example, when Identity Server functionality is enhanced it might refer to a greater number of schema attributes and object classes than previous versions.

During your upgrade, any differences between an earlier schema release and the next release are uploaded to your directory server using the required schema ldif file for your specific directory server. Every schema ldif file includes entries to modify the schema based on the difference between two versions. Schema ldif files use the following naming convention.

DataType_fromrelease_to_torelease_schema_DsType.ldif

For example:

osd_650_to_700_schema_ad.ldif
     policy_650_to_700_schema_nds.ldif

and so on.

and reside in the directory with various upgrade map files:

Component_install_dir\identity|access\oblix\tools\migration_tools

During the upgrade, the obmigratenp utility reads the file obmigratenpparams.lst and calls obmigrateds to internally upload schema files when the kMigrateData kMigrateSchema flag is set to true in:

Component_install_dir\identity|access\oblix\tools\migration_tools
     \obmigratenpparams.lst

Schema upgrades occur incrementally. This means that the earlier release is upgraded to the next-latest release, the resulting schema is upgraded to the next-latest release, and so on until all interim schema changes between your original release and the latest release are completed. Obsolete schema elements are deleted during the upgrade.

A schema upgrade can occur only with Oracle Access Manager components that interface with the directory server: Identity Server, Policy Manager, and Access Server. Table C-4 provides more information about obmigrateds.

Table C-4 Schema Upgrades with obmigrateds

Description	Function
obmigrateds.exe	Reads configuration files, assesses schema data (OSD), and determines possible directory servers with which Oracle Access Manager is communicating. For example, the directory server containing configuration data, the directory server containing user data, and the directory server containing policy data. Gathers the information required to connect and bind to those directory servers. Locates the schema file for the specific data type, directory type, and the from and to versions, then uploads the appropriate ldif file to the directory server using the ds_conf_update.exe utility Using information read from the OSD (for example, 'o=oblix, ..'node) and configuration files, obmigrateds creates an input map file to be passed to obmigratedata.exe. For example: data_fromrelease_to_torelease_osd.lst -- for osd, policy, and workflow upgrades data_fromrelease_to_torelease_user.lst -- for user data upgrade obmigrateds upgrades configuration data using obmigratedata, which creates an output data file, then deletes the Oracle Access Manager configuration tree from the directory and uploads this output data file to the directory server. For more information, see "Data Upgrade: obmigratedata" obmigrateds upgrades user data using obmigratedata. Note: Starting with release 6.0, and later, the upgrade includes user entries for the "ChallengeResponsePhrase" value with an RC6 encryption scheme. Earlier Oracle Access Manager versions used an RC4 encryption scheme for the same purpose. Note: Zero downtime schema upgrades do not include the data upgrade. For more information, see "About Schema Mode Processing".
Path	Component_install_dir\identity|access\oblix\tools\migration_tools\obmigrateds
Command Line	'Run obmigrateds.exe without any parameters. This command prints usage along with the meaning of all input parameters
Other Files Used	Reads the message catalog here to print messages to the console or while writing to a log file: install_dir\identity|access\oblix\tools\migration_tools\obmigratedsmsg.lst Reads the parameter file obmigratedsparams.lst, gathers data, and determine which flags are set and which type of upgrade to perform: install_dir\identity|access\oblix\tools\migration_tools\obmigratedsparams.lst. Note: obmigratedsparams includes a section for every component. Within every section is a subsection for the upgrade from x to y. For example, the obmigratedsparams section for 'ois' contains a subsection '520_to_600' that contains flags that determine which of the following upgrades to complete: osd/user schema upgrade osd/policy/user data upgrade Each subsection also includes path and filenames (LST or XML) from which obmigrateds can get details about directory servers with OSD, policy data, or user data.
Output	This utility carries out schema and data migration by invoking appropriate utilities.
Log File	Generates the log file: install_dir\identity|access\oblix\tools\migration_tools\obmigrateds.log

C.7 Data Upgrade: obmigratedata

When the newer release of Oracle Access Manager include a new Oracle Access Manager-specific data organization or values, data upgrades occur in much the same way as the schema upgrade. The delta between the old and new versions is determined and the appropriate data ldifs are provided so they can be uploaded to the directory server. An incremental upgrade is performed between each major release and the next major release until you have completed the upgrade. After the upgrade, Oracle Access Manager can identify and use the data present in the directory and run smoothly.

A data upgrade can occur only with Oracle Access Manager components that interface with the directory server: Identity Server, Policy Manager, and Access Server.

Files that contain both object-class and attribute mappings are provided. The object and attribute mapping files reside in:

install_dir\identity|access\oblix\tools\migration_tools\obmigratedata

The object-class mapping filename is oc_Fromrelease_to_Torelease_map.lst. For example:

oc_520_to_600_map.lst
     oc_610_to_650_map.lst 
     oc_650_to_700_map.lst

Note:

There is no data migration from Oracle Access Manager 6.0.0 release 6.1.0. For this reason, there is no oc_600_to_610_map.lst file.

The attribute mapping filenames are appear as:

at_Fromrelease_to_Torelease_map_DataType.lst. For example:

at_520_to_600_map_osd.lst—Oblix schema data
     at_520_to_600_map_policy.lst—NetPoint policy data
     at_520_to_600_map_user.lst—User data
     at_520_to_600_map_wf.lst—Workflow data

as well as files for 600 to 650 and 650 to 700 and 700 to 10g (10.1.4.0.1). For example:

at_600_to_650_map_item.lst 
     at_650_to_700_map_item.lst

where item refers to osd, policy, user, or workflow attribute mapping files.

The obmigrateds utility invokes obmigratedata for data upgrading and passes a map file with initial information—OSD directory, bind DN, password, personoc, groupoc, and the like—to obmigratedata. This map file uses the naming convention:

data_Fromrelease_to_Torelease_osd.lst
     data_Fromrelease_to_Torelease_user.lst

For example:

data_520_to_600_osd.lst
     data_520_to_600_psc.lst
     data_610_to_650_osd.lst
     data_610_to_650_psc.lst
     data_650_to_700_osd.lst
     data_650_to_700_psc.lst
     data_700_to_1014_osd.lst
     data_700_to_1014_psc.lst

This is because the upgrade is carried out in steps. For example, if you start from release 520, data is first upgraded from 520 to 600, then from 610 to 650, from 650 to 700, and finally from 700 to 10g (10.1.4.0.1).

Note:

There is no data upgrade between release 600 and 610. Starting from release 5.2, you upgrade first to release 6.1.1 using 6.1.1 installers; then you complete the upgrade from 6.1.1 using 10g (10.1.4.0.1).

See Table C-5 for more information.

Table C-5 Data Upgrades with obmigratedata

Description	Function
obmigratedata.exe	Accepts a file giving basic required information as input for the target directory server (connectivity details, person and group object classes, and so on). The input file instructs the utility about the file used to obtain object-class mapping. Note: The object class mapping file identifies the file to be used for attribute-level mapping. Reads mapping files, connects to given directory, reads existing data, processes this data based on instructions in the object-class and attribute-mapping files, and creates an output ldif. Note: All mappings file must be present in install_dir\identity|access\oblix\tools\migration_ tools\obmigratedata
Path	Component_install_ dir\identity|access\oblix\tools\migration_ tools\obmigratedata
Command Line	Run obmigratedata.exe with the following parameters. obmigratedata -f ConfigFileName -i install_dir where ConfigFileName is the full path of a file that provides all initially required information so this utility can connect to a given directory server. Additionally, this file contains other information such as the object-class mapping file name, log file name, name of the file giving a list of binary attributes, and so on. Also: install_dir is the target installation directory for this component.
Other Files Used	The object class mapping file defined in the input config file The attribute mapping file(s) as mentioned in the object class mapping file The file listing binary attributes (file name is mentioned in the input config file) The message catalog obmigratedatamsg.lst, while printing to the console or writing to a file: install_dir\identity|access\oblix\tools\migration_tools\obmigratedata\obmigratedatamsg.lst
Output	This utility creates an output ldif file whose name is mentioned in the input config file.
Log File	Generates the log file: install_dir\identity|access\oblix\tools\migration_ tools\obmigratedata The name of the log file is mentioned in the input config file. For example, migration_log_file.lst, which typically contains: Old and new DNs of entries migrated by this utility Success/failure messages for selected migration Other error messages if any

C.8 Web Server Upgrade: obmigratews

Along with Policy Manager, WebPass, and WebGate enhancements might come the need for changes in the supporting Web server configuration file. During the upgrade process, you are asked about automatic Web server configuration file updates. Oracle recommends that you update the Web server configuration file automatically, though you can do this manually following the upgrade.

The obmigratenp utility calls obmigratews to complete the Web server configuration update by passing a map file and other parameters to obmigratews. The map file is named and located as follows:

Component_fromrelease_to_torelease_ws_WebserverType.lst
     install_dir\identity|access\oblix\tools\migration_tools

For example:

am_520_to_600_ws_nsapi.lst

Also, obmigratenp copies the file generated by obmigratews to the original Web server configuration file. Thus the Web server configuration file gets the required changes for the newer release of the component. See Table C-6 for more information.

Table C-6 Web Server Configuration Upgrades with obmigratews

Description	Function
obmigratews.exe	Reads the input map file, modifies content of this file using input values of old and new installation directories. Modifies the given input Web server configuration file according to the content created using the map file. Writes the Web server configuration to a new output file whose name is passed to this utility as one of the parameters.
Path	Component_install_ dir\identity|access\oblix\tools\migration_ tools\obmigratews
Command Line	Run obmigratews without any parameters. This command prints usage along with the meaning of all input parameters.
Other Files Used	To print messages to the console or while writing to a log file, reads the message catalog: install_dir\identity|access\oblix\oblix\tools\migration_ tools\obmigratewsmsg.lst
Output	This utility creates a modified release of the Web server configuration file.
Log File	Generates the log file: install_dir\identity|access\oblix\tools\migration_ tools\obmigratews.log

C.9 Component-Specific Upgrades

Every component needs special treatment during the upgrade to accommodate specific registry changes, modifying specific files, and the like. As a result, obmigratenp.exe calls the appropriate utility depending upon the component selected for the upgrade. Typical actions taken during this sequence include:

• Copy/modify specific files

• Modify existing component specific registry entry

• Copy specific plug-ins

Each component-specific utility is described as follows:

• Identity Server: obMigrateNetPointOis

• WebPass: obMigrateNetPointWP

• Policy Manager: obMigrateNetPointAM

• Access Server: obMigrateNetPointAAA

• WebGate: obMigrateNetPointWG

• Software Developer Kit (SDK): obMigrateNetPointASDK

C.9.1 Identity Server: obMigrateNetPointOis

To accomplish a Identity Server upgrade, the obmigratenp tool calls the obMigrateNetPointOis tool. See Table C-7 for more information.

Table C-7 Identity Server Upgrade with obMigrateNetPointOis

Description	Function
obMigrateNetPointOis.exe	Upgrades the existing registry entry for the Identity Server to reflect the newer Oracle Access Manager release. Modifies the PPP catalog file, if required, to ensure it is usable with the newer Oracle Access Manager release. Encrypts the password written in password.xml, when upgrading from Oracle Access Manager 5.2. Deletes install_dir\identity\oblix\tools\setup\uninstall_info.txt, if present, and creates it again with proper information on Windows systems.
Path	install_dir\identity\oblix\tools\migration_ tools\obMigrateNetPointOis
Command Line	Run obMigrateNetPointOis without any parameters. This command prints usage along with the meaning of all input parameters.
Other Files Used	To print messages to the console or while writing to a log file, reads the message catalog: install_dir\identity\oblix\oblix\tools\migration_ tools\obMigrateNetPointOismsg.lst
Output	A new flag (encoding) is added to the oblixpppcatalog.lst file automatically to ensure backward compatability with earlier plug-ins. A backward-compatible Identity Server continues to send data to earlier plug-ins in Latin-1 encoding (earlier plug-ins will set data in Latin-1 encoding; new plug-ins will set data in UTF-8 encoding). Modifies the registry entry for the Identity Server. Modifies the PPP catalog file. Modifies password.xml. Creates proper uninstall_info.txt.
Log File	Generates the log file: install_dir\identity\oblix\tools\migration_ tools\obMigrateNetPointOis.log. Typically this file contains: Parameters passed to this utility. Status of each action taken by this utility.

C.9.2 WebPass: obMigrateNetPointWP

To accomplish a WebPass upgrade, obmigratenp calls obMigrateNetPointWP. See Table C-8 for more information.

Table C-8 WebPass Upgrade with obMigrateNetPointWP

Description	Function
obMigrateNetPointWP.exe	Upgrades the existing registry entry for the WebPass to reflect the newer Oracle Access Manager release. When upgrading from Oracle Access Manager 5.2, encrypts the password written in password.xml. On Windows systems, deletes the file uninstall_info.txt, if present, and creates it again with proper information: install_dir\identity\oblix\tools\setup\uninstall_ info.txt
Path	install_dir\identity\oblix\tools\migration_ tools\obMigrateNetPointWP
Command Line	Run obMigrateNetPointWP without any parameters to print usage and the meaning of all input parameters.
Other Files Used	To print messages to the console or while writing to a log file, reads the message catalog: install_dir\identity\oblix\tools\migration_ tools\obMigrateNetPointWPmsg.lst
Output	Modifies the registry entry for the WebPass. Modifies password.xml.
Log File	Generates the log file: install_dir\identity\oblix\tools\migration_ tools\obMigrateNetPointWP.log

C.9.3 Policy Manager: obMigrateNetPointAM

To accomplish an Policy Manager (formerly known as the Access Manager component) upgrade, obmigratenp calls obMigrateNetPointAM. See Table C-9 for more information.

Table C-9 Policy Manager Upgrade with obMigrateNetPointAM

Description	Function
obMigrateNetPointAM.exe	Upgrades the existing registry entry for the Policy Manager to reflect the newer release. When upgrading from release 5.2, encrypts the password written in password.lst. Modifies install_dir\access\oblix\data\common\ldapuserdbparams.lst if required. Copies custom plug-ins from renamed source directory to target directory
Path	install_dir\access\oblix\tools\migration_ tools\obMigrateNetPointAM
Command Line	Run obMigrateNetPointAM without parameters to print usage.
Other Files Used	To print messages to the console or while writing to a log file, reads the message catalog: install_dir\access\oblix\oblix\tools\migration_ tools\obMigrateNetPointAMmsg.lst
Output	Modifies the registry entry for the Policy Manager. Modifies password.xml. Copies custom plug-ins to target directory.
Log File	Generates the log file: install_dir\access\oblix\tools\migration_ tools\obMigrateNetPointAM.log

C.9.4 Access Server: obMigrateNetPointAAA

To accomplish an Access Server upgrade, the obmigratenp utility calls the obMigrateNetPointAAA utility. See Table C-10 for more information.

Table C-10 Access Server Upgrade with obMigrateNetPointAAA

Description	Function
obMigrateNetPointAAA.exe	Upgrades the existing registry entry for the Policy Manager to reflect the newer release. When upgrading from release 5.2, encrypts the password written in password.lst. Modifies install_dir\access\oblix\data\common\ldapuserdbparams.lst if required. Copies custom plug-ins from renamed source directory to target directory
Path	install_dir\access\oblix\tools\migration_ tools\obMigrateNetPointAAA
Command Line	Run obMigrateNetPointAAA without parameters to print usage.
Other Files Used	To print messages to the console or while writing to a log file, reads the message catalog: install_dir\access\oblix\oblix\tools\migration_ tools\obMigrateNetPointAAA.lst
Output	A new parameter "IsBackwardCompatible" Value="true" is set in the Access Server globalparams.xml file automatically. A backward-compatible Access Server continues to send (and receive) data to earlier custom authentication and authorization plug-ins in Latin-1 encoding (earlier custom plug-ins will set data in Latin-1 encoding; new plug-ins will set data in UTF-8 encoding). Modifies the registry entry for the Access Server. Modifies password.xml. Copies custom plug-ins to target directory.
Log File	Generates the log file: install_dir\access\oblix\tools\migration_ tools\obMigrateNetPointAAA.log

C.9.5 WebGate: obMigrateNetPointWG

To accomplish an WebGate upgrade, obmigratenp calls obMigrateNetPointWG. See Table C-11 for more information

Table C-11 WebGate Upgrade with obMigrateNetPointWG

Description	Function
obMigrateNetPointWG.exe	Upgrades the existing registry entry for the WebGate to reflect the newer Oracle Access Manager release. Encrypts the password written in password.lst, when upgrading from Oracle Access Manager 5.2.
Path	install_dir\access\oblix\tools\migration_tools\obMigrateNetPointWG
Command Line	Run obMigrateNetPointWG without parameters to print usage.
Other Files Used	To print messages to the console or while writing to a log file, reads the message catalog: install_dir\access\oblix\tools\migration_tools\obMigrateNetPointWGmsg.lst
Output	Modifies the registry entry for the WebGate. Modifies password.lst.
Log File	Generates the log file: install_dir\access\oblix\tools\migration_ tools\obMigrateNetPointWG.log

C.9.6 Software Developer Kit (SDK): obMigrateNetPointASDK

To accomplish a Software Developer Kit upgrade, obmigratenp calls obMigrateNetPointASDK. See Table C-12 for more information.

Table C-12 SDK Upgrade with obMigrateNetPointASDK

Description	Function
obMigrateNetPointASDK.exe	Upgrades the existing registry entry for the Access Manager SDK to reflect the newer release. Encrypts the password written in password.lst, when upgrading from release 5.2.
Path	install_dir\access\oblix\tools\migration_ tools\obMigrateNetPointASDK
Command Line	Run as obmigrateAccessSDK -fromver <oldVer> -tover <newVer> -srcdir <dir> -dstdir <dir>
Other Files Used	To print messages to the console or while writing to a log file, reads the message catalog: install_dir\oblix\tools\migration_ tools\obMigrateNetPointASDKmsg.lst
Output	Modifies the registry entry for the Access Manager SDK. Modifies password.lst.
Log File	Generates the log file: install_dir\oblix\tools\migration_ tools\obMigrateNetPointASDK.log