Sun Java System Identity Server 2004Q2 Migration Guide
Chapter 1
Upgrading Identity Server 6.1 to Identity Server 2004Q2
This chapter describes how to upgrade Sun ONE Identity Server 6.1 or 6.1 Service Pack (SP) 1 to Sun Java System Identity Server 2004Q2. Topics include:
Requirements for Upgrading to Identity Server 2004Q2
The requirements for upgrading from Identity Server 6.1 to Identity Server 2004Q2 include:
Supported Platforms
Identity Server 2004Q2 is supported on these platforms:
For more information about these platforms, refer to the Sun Java Enterprise System 2004Q2 Release Notes.
Other platforms such as Windows are not supported in this release.
Identity Server Requirements
This chapter describes how to upgrade Identity Server 6.1 to Identity Server 2004Q2. To upgrade from Identity Server 6.0 or iPlanet Directory Server Access Management Edition (DSAME) 5.1, you must first upgrade the older version to Identity Server 6.1.
For information about upgrading older versions, see the instructions in the Sun ONE Identity Server 6.1 Migration Guide on the following web site:
http://docs.sun.com/doc/816-6771-10
The Identity Server 6.1 Migration Guide includes:
Directory Server Requirements
Identity Server 2004Q2 supports either Directory Server 5 2004Q2 or Directory Server 5.1 Service Pack (SP) 1 (or newer).
If you want to upgrade Directory Server 5.1, follow the instructions in the Directory Server 5 2004Q2 Installation and Migration Guide on the following Web site:
http://docs.sun.com/coll/DirectoryServer_04q2
If you have Identity Server 6.1 or 6.1 SP1 and Identity Server 2004Q2 running concurrently against the same shared Directory Server, the Directory Server must be upgraded to include the Identity Server 2004Q2 schema elements. For other coexistence requirements, see Identity Server Coexistence.
Web Container Requirements
To upgrade to Identity Server 2004Q2, you must be using one of the following products as your web container:
If you need to upgrade your web container, refer to Upgrading the Web Container Software.
Upgrading an Instance of Identity Server
This section includes the following information about upgrading an instance of Identity Server 6.1:
Backing up Web Container Customized Files
Before you upgrade, back up any web container customized files related to Identity Server 6.1, including:
Tip: Make a list of your customizations so you can redo them after you upgrade and then verify that they work correctly.
Upgrading the Web Container Software
Identity Server 2004Q2 supports Web Server 6.1 SP2 or Application Server 7.0 Update 3 as a web container. If you are using an older version, you must upgrade the web container software before you can upgrade to Identity Server 2004Q2.
For information about upgrading web container software, refer to the respective web container documentation:
Also, if you saved any customization files under Backing up Web Container Customized Files, you will need to redo the customizations after you upgrade the web container.
Running the Pre-Upgrade Script
The Identity Server 2004Q2 pre-upgrade script (pre61to62upgrade) is part of the Sun Java Enterprise System archive and is available in the following directory after you uncompress the archive:
JavaEnterpriseSystem_base/Solaris_sparc/Product/identity_srv/Tools
where JavaEnterpriseSystem_base is the directory where you uncompressed the archive.
The pre-upgrade script performs these functions:
- Backs up Identity Server 6.1 by running the am2bak script
- Removes the Identity Server 6.1 packages (but not Directory Server or web container packages) and then updates the /var/sadm/install/productregistry file to reflect that the packages have been removed
- Writes the Sun_Java_System_Identity_Server_upgrade_log.timestamp log file to the /var/sadm/install/logs directory
To run the pre-upgrade script, Directory Server must be running.
Before you run the pre-upgrade script, use the Pre-Upgrade Script Worksheet to record the information you will need to provide.
To Run the Pre-Upgrade Script
- Log in as or become superuser (root).
- Verify that Directory Server is running. For example:
# ps -ef | grep slapd
If Directory Server is not running, start it. For example:
# cd /var/opt/mps/serverroot/slapd-instance-name
# ./start-slapd
- Move to the directory where the pre-upgrade script exists and then run the script. For example:
# cd JavaEnterpriseSystem_base/Solaris_sparc/Product/identity_srv/Tools
# ./pre61to62upgrade
- When you are prompted by the script, enter the following information:
- Directory Server fully qualified host name. For example: ds.example.com
- Directory Server port number. Default is 389.
- Distinguished name (DN) and password of the top-level Identity Server administrator. For example: uid=amAdmin,ou=People,dc=example,dc=com
- Directory where the script should back up the Identity Server 6.1 files. For example: /opt/is_backup
- Certificate directory of the web container. For example: /opt/SUNWwbsvr/alias
The pre-upgrade script displays its status as it runs. Be sure to allow the script to finish completely. If you stop the script before it has finished, the results will be unpredictable.
After the script finishes, you are ready to install Identity Server 2004Q2.
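The prerequisites above, collected into a pre-flight check to run before the pre-upgrade script removes the Identity Server 6.1 packages. This is an added example, not part of the Sun guide or of pre61to62upgrade itself; the function names and the rule that the backup directory must be closed to other users are assumptions made here.

```shell
#!/bin/sh
# Added example: pre-flight checks before running pre61to62upgrade.
# The three directories are the operator's own worksheet values.

# Reads `ps -ef` output on stdin. The [s] bracket keeps the pattern from
# matching the grep process itself, which a plain `grep slapd` would do.
slapd_running() {
    grep -q '[s]lapd'
}

# The backup directory must exist, be writable, and give no permissions to
# "other" (assumption: the backup holds configuration worth protecting).
backup_dir_ok() {
    [ -d "$1" ] && [ -w "$1" ] || return 1
    other_perms=$(ls -ld "$1" | cut -c8-10)
    [ "$other_perms" = "---" ]
}

# preflight TOOLS_DIR BACKUP_DIR CERT_DIR   (ps output on stdin)
# Reports every failed check, then returns non-zero if any check failed.
preflight() {
    rc=0
    slapd_running ||
        { echo "FAIL: no slapd process; start Directory Server first" >&2; rc=1; }
    [ -x "$1/pre61to62upgrade" ] ||
        { echo "FAIL: pre61to62upgrade not found or not executable in $1" >&2; rc=1; }
    backup_dir_ok "$2" ||
        { echo "FAIL: $2 missing, not writable, or accessible to other users" >&2; rc=1; }
    [ -d "$3" ] ||
        { echo "FAIL: web container certificate directory $3 not found" >&2; rc=1; }
    return "$rc"
}

# Run the checks when called with the three directories as arguments.
if [ "$#" -eq 3 ]; then
    ps -ef | preflight "$@"
fi
```

Saved under a name of your choosing (preflight.sh is hypothetical), it takes the Tools directory, the backup directory and the certificate directory as its three arguments and exits non-zero if any check fails.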
Installing Identity Server 2004Q2
To install Identity Server 2004Q2, you must run the Sun Java Enterprise System installer. For information about the installer, refer to the Sun Java Enterprise System Installation Guide on the following web site:
http://docs.sun.com/coll/entsys_04q2
When you run the installer, you must provide the same information that was used for your Identity Server 6.1 (2003Q4) configuration, as described in this section.
Before you run the installer, use the Identity Server 2004Q2 Installation Worksheets to record this information.
Identity Server 6.1 Information
Web Container Used for Identity Server 6.1
Directory Server That Supported Identity Server 6.1
Other Installation Choices
Other installation choices you must make are:
- On the “Identity Server: Web container for running Identity Server services (4 of 6)” panel, for the Administration Console, check “Deploy new console”.
- On the “Identity Server: Directory Server Information (6 of 6)” panel, for “Is Directory Server provisioned with user data?”, check “yes” and provide values for the following marker and naming attributes:
Running the Post-Upgrade Script
The Identity Server post-upgrade script (Upgrade61DitTo62) is available in the following directory after you install Identity Server 2004Q2:
where IdentityServer_base is the Identity Server 2004Q2 base installation directory. The default base installation directory is /opt on Solaris systems and /opt/sun on Linux systems.
The post-upgrade script performs these functions:
To run the post-upgrade script, Directory Server must be running. During the script, you will be asked to restart Directory Server before the script can continue. At the end, you will also be asked to restart both Directory Server and the web container for the changes to take effect.
Before you run the post-upgrade script, use the Post-Upgrade Script Worksheet to record the information you will need to provide.
To Run the Post-Upgrade Script
- Log in as or become superuser (root).
- Verify that Directory Server is running. For example:
# ps -ef | grep slapd
If Directory Server is not running, start it. For example:
# cd /var/opt/mps/serverroot/slapd-instance-name
# ./start-slapd
- Run the post-upgrade script. For example, on Solaris systems:
# cd IdentityServer_base/SUNWam/migration/61to62/scripts
# ./Upgrade61DitTo62
where IdentityServer_base is the Identity Server 2004Q2 base installation directory.
- When you are prompted by the script, provide the following information:
- Directory Server fully qualified host name. For example: ds.example.com
- Directory Server port number. Default is 389.
- Distinguished name (DN) and password of the Directory Manager
- Distinguished name (DN) and password of the top-level Identity Server administrator. For example: uid=amAdmin,ou=People,dc=example,dc=com
- When you are prompted by the script, restart Directory Server. The script pauses for you to perform the restart.
- After you restart Directory Server, return to the script and press Enter to continue. After the script has finished, it displays the following message:
YOU MUST RESTART THE DIRECTORY AND WEB SERVERS FOR THE UPGRADE CHANGES TO TAKE EFFECT.
- Restart Directory Server and the web container.
After Directory Server and the web container are running, you are ready to verify that the upgrade was successful.
Verifying the Upgrade
If you customized your Identity Server 6.1 installation, you must manually redo the customizations in your new Identity Server 2004Q2 installation.
Here are several ways to verify that the upgrade was successful:
where host-name.domain-name:port is the fully qualified host name and port of the web container you are using.
When the Identity Server login page appears, log in as amadmin. Click the “Service Configuration” tab. If the new Identity Server 2004Q2 services such as “Discovery Service” and “Liberty and Personal Profile Service” are available, the upgrade of Identity Server on the specific web container should be successful.
Upgrading Multiple Instances
This section describes how to upgrade multiple Identity Server 6.1 instances running on different hosts that share the same Directory Server.
Identity Server 6.1 and Identity Server 2004Q2 instances installed on different hosts can run concurrently against the same shared Directory Server. For more information, including the Directory Server requirements, see Identity Server Coexistence.
To Upgrade an Instance
1. Log in as or become superuser (root).
2. Stop all Identity Server 6.1 instances that access the Directory Server. For example, on Solaris systems:
# cd /IdentityServer_base/SUNWam/bin
# ./amserver stop
where IdentityServer_base is the Identity Server 6.1 base installation directory.
Stopping all instances prevents Identity Server from making changes to the Directory Server while you are performing the upgrade.
3. Start the Identity Server 6.1 instance you want to upgrade. For example:
# ./amserver start
4. Upgrade the Identity Server 6.1 instance you started in Step 3, as described in Upgrading an Instance of Identity Server.
During the upgrade of the first instance, the post-upgrade script (Upgrade61DitTo62) upgrades the Identity Server schema to Identity Server 2004Q2. During subsequent upgrades of other instances, however, the post-upgrade script detects that the Directory Server has already been upgraded and does not try to upgrade it again.
5. Restart the instance you just upgraded.
Repeat Step 3 through Step 5 for each Identity Server 6.1 instance on a different host that you want to upgrade.
6. If there are any Identity Server 6.1 instances you did not upgrade, restart those instances. For information about the co-existence of Identity Server 6.1 and Identity Server 2004Q2, see Identity Server Coexistence.
Upgrading the Identity Server SDK
To upgrade an Identity Server 2003Q4 (6.1) SDK only installation, you must uninstall the 2003Q4 version and then re-install the 2004Q2 version.
To upgrade an Identity Server SDK only installation
1. Back up your Identity Server 2003Q4 configuration files, including the AMConfig.properties and serverconfig.xml files. (The upgrade process will not affect your user data.)
2. Uninstall the Identity Server 2003Q4 SDK by following the instructions in the Sun Java Enterprise System 2003Q4 Installation Guide (http://docs.sun.com/doc/816-6874).
3. Install the Identity Server 2004Q2 SDK by following the instructions in the Sun Java Enterprise System 2004Q2 Installation Guide (http://docs.sun.com/doc/817-5760).
4. Incorporate the configuration changes you saved in Step 1 into the new Identity Server 2004Q2 configuration files.
Identity Server Coexistence
Identity Server 6.1 and Identity Server 2004Q2 can coexist and run concurrently against the same shared Directory Server, if these requirements are met:
Usually, the coexistence of Identity Server 6.1 and Identity Server 2004Q2 is a transitional phase during an Identity Server 2004Q2 upgrade. During the upgrade process, some Identity Server 6.1 servers are upgraded to version 2004Q2 before the other version 6.1 servers are upgraded. The Directory Server is upgraded to the version 2004Q2 schema when you upgrade the first Identity Server 6.1 server.
Then both the upgraded version 2004Q2 servers and any remaining Identity Server 6.1 servers and applications can run against the upgraded Directory Server.
To access the Identity Server 2004Q2 features, including new services, new attributes in existing services, and new policy plug-ins, use the Identity Server 2004Q2 console. Do not use the Identity Server 6.1 admin console to access Identity Server 2004Q2.
Using Portal Server Mobile Access
To use Java System Portal Server Mobile Access, change the Identity Server Client Detection global attributes as follows:
- Access the Identity Server 2004Q2 console using the following URL:
http://host-name.domain-name:port/amconsole
where host-name.domain-name:port is the fully qualified host name and port of the web container you are using.
- When the Identity Server login page appears, log in as amadmin.
- On the console, click the Service Configuration tab.
The console displays the Service Configuration options in the navigation frame.
- In the navigation frame under Service Configuration, click Client Detection.
- For Client Detection, set the following items in the data frame:
- Click Save.