Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun Java Enterprise System 5 Update 1 Upgrade Guide for UNIX 

Chapter 16
Portal Server Secure Remote Access

This chapter describes how to upgrade Portal Server Secure Remote Access to Java ES 5 Update 1 (Release 5U1): Sun Java System Portal Server Secure Remote Access 7.1U2. It covers both feature upgrades from previous Java ES release families and maintenance upgrades from Java ES.

The chapter provides an overview of upgrade considerations for the different upgrade paths supported by Release 5U1. The chapter covers upgrades on both the Solaris and Linux operating systems:

Overview of Portal Server Secure Remote Access Upgrades

This section describes the following general aspects of Portal Server Secure Remote Access that impact upgrading to Java ES 5 Update 1 (Release 5U1):

About Release 5U1 Portal Server Secure Remote Access

Portal Server Secure Remote Access (consisting of Gateway, Rewriter Proxy, Netlet Proxy components is closely coupled to Portal Server, though usually deployed on computers different from the one hosting Portal Server. Portal Server Secure Remote Access components use the same administrative infrastructure as Portal Server proper and interact with servlets and applets residing on the computer hosting Portal Server.

Release 5U1 Portal Server Secure Remote Access is a maintenance release that fixes bugs in Release 5U1 Portal Server Secure Remote Access. Release 5U1 Portal Server Secure Remote Access was a feature release, with many new enhancements and features with respect to Release 4.

Many of these changes were made in an Interim Feature Release (IFR) subsequent to Release 4. Release 5U1 therefore represents only minor feature changes with respect to the IFR. For information about the IFR enhancements and new features, see the Sun Java System Portal Server 7.1 Release Notes, http://docs.sun.com/doc/819-4986/6n4l3f365?a=view. In particular, the Release 4 command line administrative interface was replaced by the psadmin command.

Portal Server Secure Remote Access Upgrade Roadmap

Table 16-2 shows the supported Portal Server Secure Remote Access upgrade paths to Release 5U1. The table applies to both Solaris and Linux operating systems.

Table 16-2 Upgrade Paths to Java ES 5 Update 1 (Release 5U1): Portal Server Secure Remote Access 7.1U2  

Java ES Release

Portal Server Secure Remote Access Version

General Approach

Reconfiguration Required

Release 5

Sun Java System Portal Server Secure Remote Access 7.1

Maintenance upgrade. Apply patches and run an update script, psupdate.

None

Interim Feature Release (IFR)

Sun Java System Portal Server Secure Remote Access IFR 7.0 2005Q4

Feature upgrade. Indirect upgrade performed by upgrading first to Release 5 and then upgrading Release 5 to Release 5U1.

None.

Release 4

Sun Java System Portal Server Secure Remote Access 6.3.1 2005Q4

Feature upgrade. Direct upgrade performed using an upgrade script, psupgrade.

None.

Release 3

Sun Java System Portal Server Secure Remote Access 6.3.1 2005Q1

Feature upgrade. Direct upgrade performed using an upgrade script, psupgrade.

None.

Release 2

Sun Java System Portal Server Secure Remote Access
6.3 2004Q2

Feature upgrade. Indirect upgrade performed by upgrading first to Release 5 and then upgrading Release 5 to Release 5U1.

None.

Release 1

Sun ONE Portal Server Secure Remote Access 6.2 (2003Q4)

Feature upgrade. No direct upgrade, but can be performed by upgrading first to Release 3 and then upgrading from Release 3 to Release 5U1.

Configuration data

Pre-dates Java ES releases

 

Feature upgrade. No direct upgrade.

 

Portal Server Secure Remote Access Data

The following table shows the type of data that could be impacted by an upgrade of Portal Server Secure Remote Access software.

Table 16-3 Portal Server Secure Remote Access Data Usage 

Type of Data

Location

Usage

Configuration data

PortalServer6Config-base/

Configuration of Portal Server Secure Remote Access.

Directory schema

Services configuration

User data

Directory Server

Portal Server Secure Remote Access depends on services configurations, such as the portal desktop, and user profile data that is stored in a directory.

Dynamic application data

None

Portal Server Secure Remote Access does not persistently store application data such as session state.

Portal Server Secure Remote Access Upgrade Strategy

Your strategy for upgrading Portal Server Secure Remote Access generally depends on the many considerations discussed in Chapter 1, "Planning for Upgrades": upgrade path, dependencies between Java ES components, selective upgrade versus upgrade all, multi-instance deployments, and so forth.

This section is to particularize that general discussion to Portal Server Secure Remote Access by presenting issues that might influence your Portal Server Secure Remote Access upgrade plan.

Compatibility Issues

Release 5 Portal Server Secure Remote Access introduced public interface changes in the psadmin command used to start and stop Gateway, Rewriter Proxy, and Netlet Proxy components. See the Sun Java System Portal Server 7.1 Command-Line Reference, http://docs.sun.com/doc/819-5030.

Individual Portal Server Secure Remote Access components (including the Gateway, the Rewriter Proxy, and the Netlet Proxy) are not backwardly compatible with earlier versions; all need to be synchronized, along with Portal Server itself, at Release 5U1. This requirement applies to Portal Server Secure Remote Access components that are local as well as distributed.

In addition, there is an incompatibility between the Directory Server data structures used by Release 5 and Release 5U1 Portal Server and earlier Portal Server versions. This incompatibility impacts a rolling upgrade of multiple Portal Server Secure Remote Access instances using the same Directory Server data.

Portal Server Secure Remote Access Dependencies

Portal Server Secure Remote Access is closely coupled with Portal Server, depending on software packaged with Portal Server and running on the same computer as Portal Server.

However, Portal Server Secure Remote Access also depends on other Java ES components. These dependencies can impact your procedure for upgrading and re-configuring Portal Server Secure Remote Access software. Changes in Portal Server Secure Remote Access interfaces or functions, for example, could require upgraded version of components upon which Portal Server Secure Remote Access depends. The need to upgrade such components depends upon the specific upgrade path.

Portal Server Secure Remote Access components have dependencies on the following Java ES components:

Selective Upgrade Issues

While, in general, Java ES 5 Update 1 supports selective upgrade of all components on a computer, the fact that Portal Server Secure Remote Access is closely tied to Portal Server means that Portal Server Secure Remote Access must be upgraded if Portal Server is upgraded. Similarly, upgrade of Portal Server Secure Remote Access requires that Portal Server also be upgraded.

As a result, the upgrade of Portal Server Secure Remote Access is bound by the same restrictions as Portal Server (see Portal Server Selective Upgrade Issues): you can either upgrade Portal Server Secure Remote Access and all of its product component dependencies to Release 5U1, or upgrade only Portal Server Secure Remote Access and Portal Server to Release 5U1, leaving other product component dependencies at Release 4.

Dual Upgrade

Dual upgrades, in which both Portal Server Secure Remote Access and operating system are upgraded (as described in Dual Upgrades: Java ES and Operating System Software) can be performed using the in-place operating system upgrade approach:

  1. Back up existing Portal Server Secure Remote Access data.

    2. See Portal Server Secure Remote Access Data for the location of essential data.

  2. Upgrade the operating system.

    3. The upgrade leaves the existing file system in place.

  3. Upgrade to Release 5U1 Portal Server Secure Remote Access.

    4. See the appropriate section of this chapter, depending on upgrade path.

Upgrading Portal Server Secure Remote Access from Java ES 5

This section includes information about upgrading Portal Server Secure Remote Access from Java ES 5 (Release 5) to Java ES 5 Update 1 (Release 5U1). The section covers the following topics:

Introduction

When upgrading Release 5 Portal Server Secure Remote Access to Release 5U1, consider the following aspects of the upgrade process:

Release 5 Portal Server Secure Remote Access Upgrade

This section describes how to perform an upgrade of Portal Server Secure Remote Access from Java ES Release 5 to Release 5U1 on both the Solaris and Linux platform. Where a topic depends on platform-specific procedures, the topic will indicate the operating system to which it applies. The section covers the following topics:

Pre-Upgrade Tasks

Before you upgrade Portal Server Secure Remote Access software you should perform the following tasks:

Verify Current Version Information

You can verify the current version of Portal Server Secure Remote Access using the following command:

Upgrade Portal Server Secure Remote Access Dependencies

It is generally recommended that all Java ES components on a computer system (and in a computing environment) be upgraded to Release 5U1. Release 5U1 Portal Server Secure Remote Access has no hard upgrade dependencies on shared components. Upgrade of shared components is therefore optional. However, Release 5U1 Portal Server Secure Remote Access has a hard upgrade dependency on Portal Server, which must therefore be upgraded to Release 5U1 before upgrading Portal Server Secure Remote Access.

Back Up Release 5 Portal Server Secure Remote Access Configuration Information

Upgrade of Portal Server Secure Remote Access to Release 5U1 does not require the reconfiguration of Portal Server Secure Remote Access software. Therefore backup of configuration information is optional.

Obtain Required Configuration Information and Passwords

The psupdate script used in performing the upgrade of Release 5 Portal Server Secure Remote Access requires you to input the following information required for Directory Server access:

Be sure to assemble the relevant information before beginning the Portal Server Secure Remote Access upgrade.

Upgrading Release 5 Portal Server Secure Remote Access (Solaris)

This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access, followed by a description of the procedure itself.

Upgrade Considerations (Solaris)

The upgrade of Portal Server Secure Remote Access software to Java ES Release 5U1 takes into account the following considerations:

Upgrade Procedure (Solaris)

The procedure documented below applies to Portal Server Secure Remote Access instances residing locally on the computer where the upgrade is taking place.

  1. Log in as root or become superuser.

    2. su -

  2. Make sure you have upgraded any Java ES components upon which Portal Server Secure Remote Access has hard upgrade dependencies (see Upgrade Portal Server Secure Remote Access Dependencies).
  3. Stop any instances of the Portal Server Secure Remote Access Gateway, Rewriter Proxy, or Netlet Proxy that might be running locally.
  1. Obtain the latest Portal Server Secure Remote Access upgrade patches, based on Table 16-5.

    2. To obtain the patch, see Accessing Java ES Patches. Patches can be downloaded to /workingDirectory.

  2. Apply the appropriate Portal Server Secure Remote Access core and, if needed, localization patches in Table 16-5, in that order.

    3. patchadd /workingDirectory/patch_ID

    Be sure to consult the README.patch_ID file for additional patch installation instructions.

  3. Confirm that the patch upgrades were successful:

    4. showrev -p | grep patch_ID

    The output should return the versions of patch IDs applied in Step 5.

  4. Run the psupdate script.

    5. cd PortalServer7-base/bin
    ./psupdate -a

    If the psupdate command fails on the Solaris 10 platform, modify the value of LD_LIBRARY_PATH to remove /usr/lib (or prepend /usr/lib/mps/sasl2) and then run the psupdate script again.

    The script requests you to input additional information needed to upgrade Portal Server Secure Remote Access (see Obtain Required Configuration Information and Passwords).

    Note

    Be sure you enter correct values for psupdate parameters, as you can't go back and change them, and it is also very difficult to roll back changes made by the psupdate script.

  5. Start instances of the Gateway, Rewriter Proxy, or Netlet Proxy that were stopped in Step 3.

    6. PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type gateway

    PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type nlproxy

    PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type rwproxy

Upgrading Release 5 Portal Server Secure Remote Access (Linux)

This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access, followed by a description of the procedure itself.

Upgrade Considerations (Linux)

The upgrade of Portal Server Secure Remote Access software to Java ES Release 5U1 on the Linux platform takes into account the same considerations as on the Solaris platform (see Upgrade Considerations (Solaris)), except that the Linux Release 5U1 upgrade patches differ from the Solaris patches.

The Release 5U1 Portal Server Secure Remote Access upgrade patches for Linux OS are shown in the following table:

Table 16-6 Patches1 to Upgrade Portal Server Secure Remote Access on Linux 

Description

Patch ID and RPM names

Portal Server core

124303-07

  • sun-portal-admin-7.1-2.07.i386.rpm
  • sun-portal-base-7.1-2.07.i386.rpm
  • sun-portal-portlets-7.1-2.07.i386.rpm
  • sun-portal-search-7.1-2.07.i386.rpm
  • sun-portal-sracommon-7.1-2.07.i386.rpm
  • sun-portal-sracore-7.1-2.07.i386.rpm
  • sun-portal-sragateway-7.1-2.07.i386.rpm
  • sun-portal-sranetletproxy-7.1-2.07.i386.rpm
  • sun-portal-srarewriterproxy-7.1-2.07.i386.rpm

Portal Server localization

125302-04

  • sun-portal-admin-l10n-7.1-2.1.i386.rpm
  • sun-portal-base-l10n-7.1-2.1.i386.rpm
  • sun-portal-portlets-l10n-7.1-2.1.i386.rpm
  • sun-portal-search-l10n-7.1-2.1.i386.rpm
  • sun-portal-sracommon-l10n-7.1-2.1.i386.rpm
  • sun-portal-sracore-l10n-7.1-2.1.i386.rpm
  • sun-portal-sranetletproxy-l10n-7.1-2.1.i386.rpm

1Patch revision numbers are the minimum required for upgrade to Release 5U1. If newer revisions become available, use the newer ones instead of those shown in the table.

Upgrade Procedure (Linux)

The procedure documented below applies to Portal Server Secure Remote Access instances residing locally on the computer where the upgrade is taking place.

Caution

An upgrade from Release 5 to Release 5U1 on Linux cannot be rolled back. Make sure you back up your system before performing the following procedure.

  1. Log in as root or become superuser.

    2. su -

  2. Make sure you have upgraded any Java ES components upon which Portal Server Secure Remote Access has hard upgrade dependencies (see Upgrade Portal Server Secure Remote Access Dependencies).
  3. Stop any instances of the Portal Server Secure Remote Access Gateway, Rewriter Proxy, or Netlet Proxy that might be running locally.
  1. Obtain the latest Portal Server Secure Remote Access upgrade patches, based on Table 16-6.

    2. To obtain the patch, see Accessing Java ES Patches. Patches can be downloaded to /workingDirectory.

  2. Apply the core and, if needed, localization patch for Portal Server Secure Remote Access, in that order.

    3. For the core patch:

    cd /workingDirectory/patch_ID
    ./update

    The update script installs the RPM's.

    For the localization patch, install each RPM using the following command:

    rpm -Fvh patchName-version.rpm

    Be sure to consult the README.patch_ID file for additional patch installation instructions.

  3. Confirm that the patch upgrades were successful.

    4. rpm -qa | grep sun-portal

    The new version numbers of the RPMs should be returned.

  4. Run the psupdate script.

    5. cd PortalServer7-base/bin
    ./psupdate -a

    The script requests you to input additional information needed to upgrade Portal Server Secure Remote Access (see Obtain Required Configuration Information and Passwords).

    Note

    Be sure you enter correct values for psupdate parameters, as you can't go back and change them, and it is also very difficult to roll back changes made by the psupdate script.

  5. Start instances of the Gateway, Rewriter Proxy, or Netlet Proxy that were stopped in Step 3.

    6. PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type gateway

    PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type nlproxy

    PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type rwproxy

Verifying the Upgrade

You can verify the upgrade of Portal Server Secure Remote Access to Release 5U1 using the following command:

See Table 16-4 for output values.

Post-Upgrade Tasks

There are no post-upgrade tasks beyond the steps described in Upgrade Procedure (Solaris) and Upgrade Procedure (Linux).

Rolling Back the Upgrade (Solaris)

This section describes the Release 5U1 upgrade rollback procedure for Portal Server Secure Remote Access on the Solaris platform.

  1. Log in as root or become superuser.

    2. su -

  2. Stop any instances of the Portal Server Secure Remote Access Gateway, Rewriter Proxy, or Netlet Proxy that might be running locally.
  1. Remove the appropriate Portal Server Secure Remote Access core and, if needed, localization patches in Table 16-5, in that order.

    2. patchrm patch_ID

  2. Run the psupdate script for the appropriate Portal Server Secure Remote Access core patch.

    3. cd PortalServer7Data-base/psupdate.patch_ID
    ./psupdate -r

    If the psupdate command fails on the Solaris 10 platform, modify the value of LD_LIBRARY_PATH to remove /usr/lib (or prepend /usr/lib/mps/sasl2) and then run the psupdate script again.

  3. Start instances of the Gateway, Rewriter Proxy, or Netlet Proxy that were stopped in Step 2.

    4. PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type gateway

    PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type nlproxy

    PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type rwproxy

Multiple Instance Upgrades

In some deployment architectures Portal Server Secure Remote Access is deployed on multiple computer systems to provide for scalability and to improve availability. For example, you might have Portal Server Secure Remote Access instances running on multiple computers with a load balancer to distribute the load.

In the case of load-balanced instances of Portal Server Secure Remote Access, you can perform a rolling upgrade in which you upgrade the Portal Server Secure Remote Access instances sequentially without interrupting service. The rolling upgrade is achieved by disabling a Portal Server Secure Remote Access instance in the load balancer, performing the upgrade as described in Release 5 Portal Server Secure Remote Access Upgrade, and then enabling the instance in the load balancer. Perform this procedure for each Portal Server Secure Remote Access instance.

Upgrading Portal Server Secure Remote Access from Java ES Release 4

This section includes information about upgrading Portal Server Secure Remote Access from Java ES 2005Q4 (Release 4) to Java ES 5 Update 1 (Release 5U1).

The section covers the following topics:

Introduction

When upgrading Java ES Release 4 Portal Server Secure Remote Access to Release 5U1, consider the following aspects of the upgrade process:

Release 4 Portal Server Secure Remote Access Upgrade

This section describes how to perform an upgrade of Portal Server Secure Remote Access from Java ES Release 4 to Release 5U1 on both the Solaris and Linux platform. Where a topic depends on platform-specific procedures, the topic will indicate the operating system to which it applies. The section covers the following topics:

Release 4 Pre-Upgrade Tasks

Before you upgrade Portal Server Secure Remote Access you should perform the following tasks:

Verify Current Version Information

You can verify the current version of Portal Server Secure Remote Access using the following command:

Upgrade Portal Server Secure Remote Access Dependencies

It is generally recommended that all Java ES components on a computer system (and in a computing environment) be upgraded to Release 5U1.

While Release 5U1 Portal Server Secure Remote Access is compatible with the Release 4 version of Java ES shared components, upgrade of shared components is nevertheless necessary because the psupgrade script used to upgrade Portal Server Secure Remote Access requires the Release 5U1 version of the ANT shared component.

In addition, Portal Server Secure Remote Access requires the upgrade of Portal Server. However it does not require upgrading other Java ES Release 4 product components upon which it depends.

In fact, your dependency upgrade approach is the same as that taken for Portal Server: if any of the dependencies are to be upgraded to Release 5U1, they all need to be upgraded (see Selective Upgrade Issues). However, because of the Portal Server Secure Remote Access dependency on Portal Server, the upgrade of Portal Server takes care of Portal Server Secure Remote Access dependencies, except, for shared components.

When you upgrade Portal Server Secure Remote Access dependencies to Release 5U1, the dependencies should be upgraded in the order below (skipping any that might already have been upgraded), before you upgrade Portal Server Secure Remote Access.

  1. Shared Components.  Instructions for synchronizing Java ES shared components to Release 5U1 are provided in Upgrading Java ES Shared Components.
  2. Portal Server.   Instructions for upgrading Portal Server are provided in Chapter 15, "Portal Server".
Back Up Release 4 Portal Server Secure Remote Access Data

Upgrade of Portal Server Secure Remote Access to Release 5U1 does not require the reconfiguration of Portal Server Secure Remote Access software. However, as a safety measure the psupgrade script will back up the following directories where configuration information is stored:

Remove Configuration for Load Balancer

In cases in which Portal Server Secure Remote Access instances are accessed through a load balancer, the value of the LOAD_BALANCER_URL property used to configure such access can interfere with Portal Server Secure Remote Access upgrade. This setting must therefore be modified before performing upgrade of any Portal Server Secure Remote Access components. To modify the LOAD_BALANCER_URL property setting:

  1. Note which of the following configuration files are locally resident (some of which support Portal Server components that might be locally installed):

    2. PortalServer6Config-base/PSConfig.properties  (if Portal Server is local)
    PortalServer6Config-base/GWConfig.properties  (if Gateway is local)
    PortalServer6Config-base/RWPConfig.properties  (if Rewriter Proxy is local)
    PortalServer6Config-base/NLPConfig.properties  (if Netlet Proxy is local)

  2. Record the current value of the LOAD_BALANCER_URL property in these configuration files.
  3. Modify the value of the LOAD_BALANCER_URL property to point to the corresponding Portal Server Secure Remote Access instance being upgraded:

    4. LOAD_BALANCER_URL=hostName:port/portal

  4. Make sure that the following configuration properties, if present, reference the relevant Portal Server Secure Remote Access component (and not the load balancer), as shown below:

    5. In PortalServer6Config-base/platform.conf.default file:

    gateway.host=Gateway_hostName

    In PortalServer6Config-base/GWConfig.properties and
        PortalServer6Config-base/GWConfig-default.properties files:

    GW_HOST=Gateway_hostName
    GW_IP=Gateway_hostIP

    In PortalServer6Config-base/RWPConfig.properties and
        PortalServer6Config-base/RWPConfig-default.properties files:

    RWP_HOST=RewriterProxy_hostName
    RWP_IP=RewriterProxy_hostIP

    In PortalServer6Config-base/NLPConfig.properties and
        PortalServer6Config-base/NLPConfig-default.properties files:

    NLP_HOST=NetLetProxy_hostName
    NLP_IP=NetLetProxy_hostIP

Remove Configuration for Directory Proxy Server

In cases in which Portal Server Secure Remote Access instances access Directory Server through a Directory Proxy Server instance, the Directory Proxy Server host and port number settings must be modified before performing the upgrade and then restored to their original values after upgrade is complete.

To modify the appropriate settings:

  1. Record the current value of the com.iplanet.am.directory.host and com.iplanet.am.directory.port properties in the following Access Manager configuration file:

    2. AccessManagerConfig-base/config/AMConfig.properties

  2. Modify the values of these properties to point directly to the relevant Directory Server instance.
Obtain Required Configuration Information and Passwords

Depending on the upgrade scenario, the psupgrade script requires you to input information about the following admin accounts:

Upgrading Release 4 Portal Server Secure Remote Access (Solaris)

This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access followed by a description of the procedure itself.

Upgrade Considerations (Solaris)

The upgrade of Portal Server Secure Remote Access software to Release 5U1 takes into account the following considerations:

Upgrade Procedure (Solaris)

The procedure documented below applies to t he Portal Server Secure Remote Access component on the computer where the upgrade is taking place.

  1. Log in as root or become superuser.

    2. su -

  2. If you have not already done so, synchronize all shared components to Release 5U1.

    3. Instructions are provided in Chapter 2, "Upgrading Java ES Shared Components".

    This step is a necessary prerequisite to running the psupgrade script in Step 8.

  3. Stop any instances of the Gateway, Rewriter Proxy, or Netlet Proxy that are running locally.

    4. PortalServer6-base/bin gateway stop
    PortalServer6-base/bin netletd stop
    PortalServer6-base/bin rwproxyd stop

    Check that the processes have stopped:

    Gateway: netstat -an | grep 443
    Rewriter Proxy: netstat -an | grep 10443
    Netlet Proxy: netstat -an | grep 10555

  4. Make sure Access Manager is running.
  5. Set two environment variables (ANT_HOME and JAVA_HOME) needed by the psupgrade script. For example,

    6. export ANT_HOME=/usr/sfw
    export JAVA_HOME=/usr/jdk/entsys-j2se

  6. Make sure you have adequate swap space on your computer.

    7. As a guideline, the swap space should be set to twice the amount of physical ram.

  7. If the Portal Server Secure Remote Access component you are upgrading is remote from Portal Server, copy the dpadmin executable from the computer hosting Portal Server to the computer hosting the Portal Server Secure Remote Access component.

    8. The dpadmin executable can be found in the following location:

    PortalServer7-base/SUNWps.bak/bin/dpadmin, if Portal Server has been upgraded.

    PortalServer6-base/bin/dpadmin, if Portal Server has not yet been upgraded.

  8. Run the psupgrade script from the Java ES 5 Update 1 distribution.

    9. cd os_arch/Products/portal_svr/Tools/upgrade/bin
    ./psupgrade

    where os_arch matches your platform, such as Solaris_sparc.

    The psupgrade script invokes the Java ES installer to install new packages and requests the following information:

    • Directory Server Admin ID and password
    • Access Manager Admin ID and password
    • Directory Server amldapuser ID and password
  9. Start instances of the Gateway, Rewriter Proxy, or Netlet Proxy that were stopped in Step 3.

    10. PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type gateway

    PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type nlproxy

    PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser
        -f     passwordFile --name default --type rwproxy

    If the above commands fail, you must first register (enable) Portal Server Secure Remote Access components:

    PortalServer7-base/bin/psadmin provision-sra -u amadminUser
        -f     passwordFile -p Portal_ID --gateway-profile profileName --enable

  10. Apply the latest Portal Server Secure Remote Access maintenance patches, if any.

    11. Use the procedure documented in Upgrading Release 5 Portal Server Secure Remote Access (Solaris), except apply the procedure to upgrading from Release 5U1 instead of from Release 5.

Upgrading Release 4 Portal Server Secure Remote Access (Linux)

This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access followed by a description of the procedure itself.

Upgrade Considerations (Linux)

The upgrade of Portal Server Secure Remote Access software to Release 5U1 on the Linux platform takes into account the same considerations as on the Solaris platform (see Upgrade Considerations (Solaris)), except that Release 5U1 Portal Server Secure Remote Access is installed in the same path as Release 4 on Linux OS. As a result, the psupgrade script removes the previous RPMs when installing the Release 5U1 RPMs.

Upgrade Procedure (Linux)

The procedure documented below applies to Portal Server Secure Remote Access on the computer where the upgrade is taking place.

Caution

An upgrade from Release 4 to Release 5U1 on Linux cannot be rolled back. Make sure you back up your system before performing the following procedure.

  1. Log in as root or become superuser.

    2. su -

  2. If you have not already done so, synchronize all shared components to Release 5U1.

    3. Instructions are provided in Chapter 2, "Upgrading Java ES Shared Components".

    This step is a necessary prerequisite to running the psupgrade script in Step 8.

  3. Stop any instances of the Gateway, Rewriter Proxy, or Netlet Proxy that are running locally.

    4. PortalServer6-base/bin gateway stop
    PortalServer6-base/bin netletd stop
    PortalServer6-base/bin rwproxyd stop

    Check that the processes have stopped:

    Gateway: netstat -an | grep 443
    Rewriter Proxy: netstat -an | grep 10443
    Netlet Proxy: netstat -an | grep 10555

  4. Make sure Access Manager is running.
  5. Set two environment variables (ANT_HOME and JAVA_HOME) needed by the psupgrade script. For example,

    6. export ANT_HOME=/opt/sun
    export JAVA_HOME=/usr/jdk/entsys-j2se

  6. Make sure you have adequate swap space on your computer.

    7. As a guideline, the swap space should be set to twice the amount of physical ram.

  7. If the Portal Server Secure Remote Access component you are upgrading is remote from Portal Server, copy the dpadmin executable from the computer hosting Portal Server to the computer hosting the Portal Server Secure Remote Access component.

    8. The dpadmin executable can be found in the following location:

    PortalServer7-base/SUNWps.bak/bin/dpadmin, if Portal Server has been upgraded.

    PortalServer6-base/bin/dpadmin, if Portal Server has not yet been upgraded.

  8. Run the psupgrade script from the Java ES 5 Update 1 distribution.

    9. cd os_arch/Products/portal_svr/Tools/upgrade/bin
    ./psupgrade

    where os_arch matches your platform, such as Solaris_sparc.

    The psupgrade script invokes the Java ES installer to install new packages and requests the following information:

    • Directory Server Admin ID and password
    • Access Manager Admin ID and password
    • Directory Server amldapuser ID and password
  9. Apply the latest Portal Server Secure Remote Access maintenance patches, if any.

    10. Use the procedure documented in Upgrading Release 5 Portal Server Secure Remote Access (Solaris), except apply the procedure to upgrading from Release 5U1 instead of from Release 5.

Verifying the Upgrade

If the Portal Server Secure Remote Access component you are upgrading is remote from Portal Server, you can verify the installation of Release 5U1 packages by checking the version information in the following file:

However, if the Portal Server Secure Remote Access component you are upgrading is resides on the same computer as Portal Server, you can verify the upgrade using the following command:

See Table 16-7 for output values.

You can also check the upgrade log files at:

/var/sadm/install/logs/Sun_Java_System_Portal_Server_upgrade.log

Release 4 Post-Upgrade Tasks

There are no post-upgrade tasks required when upgrading Portal Server Secure Remote Access to Release 5U1, except for the following situations:

Restore Configuration for Load Balancer

If Portal Server Secure Remote Access instances have been accessed through a load balancer, the following steps need to be performed after upgrade to restore the load balancer configuration:

  1. Set the following parameters in the PortalServer7Config-base/platform.conf.default file:

    2. gateway.virtualhost=loadBalancer_hostName loadBalancer_hostIP
    gateway.external.ip=    loadBalancer_hostIP
    gateway.dsame.agent=http\://loadBalancer_hostName\:
        80/portal/RemoteConfigServlet

  2. Set the following parameter in the PortalServer7Config-base/GWConfig-default.properties file.

    3. gateway.ipaddress=Gateway_hostIP

  3. Set the parameters corresponding to Step 1 and Step 2 for Rewriter Proxy and Netlet Proxy, when these instances are deployed on computers remote from the Portal Server host.
  4. Restart Portal Server and the load-balanced Portal Server Secure Remote Access instances.
Restore Configuration for Directory Proxy Server

If Portal Server Secure Remote Access instances have accessed Directory Server through a Directory Proxy Server instance, the Directory Proxy Server host and port number settings must be restored to their original values before upgrade. See Remove Configuration for Directory Proxy Server, in which the values of these properties were modified in preparation for upgrade.

Rolling Back the Upgrade (Solaris)

This section describes considerations that impact the upgrade rollback procedure for Portal Server Secure Remote Access followed by the procedure itself.

Rollback Considerations (Solaris)

The procedure for rolling back the upgrade to Release 5U1 consists of reverting back to the Release 4 installation at PortalServer6-base.

Rollback Procedure (Solaris)
  1. Log in as root or become superuser.

    2. su -

  2. If Access Manager has been upgraded to Release 5U1, roll back Access Manager to Release 4.

    3. The rollback of Portal Server to Release 4 will not succeed if Access Manager remains at Release 5U1.

  3. Restore Directory Server to the state it was in before upgrade.

    4. Use the Directory Server backup/restore command line and GUI utilities. See the Directory Server Backup and Restore chapter of the Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide, http://docs.sun.com/doc/819-0995.

  4. Remove the Release 5U1 Portal Server Secure Remote Access packages.
    1. Launch the Java ES uninstaller.

      2. /var/sadm/prod/SUNWentsys5/uninstall

    2. Select all installed Portal Server Secure Remote Access components.
    3. Confirm your uninstall choice.
    4. Exit the Java ES uninstaller.
  5. Restore the PortalServer6-base and PortalServer6Config-base directories to their original locations.

    6. During upgrade they were move to directories with a .bak extension.

Rolling Back the Upgrade (Linux)

Because the upgrade to Release 5U1 requires the removal of the Release 4 binaries, it is very difficult to roll back the upgrade on Linux.

One approach to rollback would be to create a parallel system before upgrading and testing that system before attempting an upgrade. If you need to roll back the upgrade, you can revert back to that parallel system.

Multiple Instance Upgrades

In some deployment architectures Portal Server Secure Remote Access components, such as Gateway, are deployed on multiple computer systems to provide for security and scalability and to improve availability. For example, you might have Gateway components running on multiple computers with a load balancer to distribute the load.

In the case of load-balanced instances of Gateway, you can perform a rolling upgrade in which you upgrade Gateway instances sequentially without interrupting service, as described below. The procedure takes into account the following constraint: individual Portal Server Secure Remote Access components are not backwardly compatible with earlier versions; all need to be synchronized, along with Portal Server itself, at Java ES 5 Update 1. However during a rolling upgrade Release 4 Portal Server Secure Remote Access instances can remain running while Portal Server instances are being upgraded.

The deployment architecture shown in Figure 16-1 will be used to illustrate the rolling upgrade procedure.

In this architecture, multiple Portal Server instances are accessed by way of Portal Server Secure Remote Access Gateway instances. Both the Portal Server instances and the Gateway instances are load balanced to provide for availability and scalability.

The Portal Server instances, in turn, access Access Manager instances through a load balancer. The Access Manager and Access Manager SDK instances access a directory that is set up for multi-master replication (MMR). While other Directory Server replication schemes are possible, MMR is representative of highly available and scalable directory services.

In Figure 16-1, the multiple instances of Gateway, Portal Server, Access Manager, and Directory Server are grouped to facilitate explanation of the upgrade procedure. Portal Server 2, for example, is representative of the second through nth instances of Portal Server.

Figure 16-1 Example Deployment Architecture for Multiple Portal Server Instances

Diagram showing example deployment architecture for multiple Gateway instances which access multiple Portal Server instances which access multiple Access Manager instances.

Rolling upgrade of Release 4 Gateway (and Portal Server) to Release 5U1 is performed as follows:

  1. If you are upgrading Release 4 Access Manager to Release 5U1, perform a rolling upgrade as documented in Multiple Instance Upgrades. Note that in upgrading Release 4 Gateway or Release 4 Portal Server to Release 5U1, you are not required to upgrade Release 4 Access Manager to Release 5U1.
  2. Modify the configuration of Portal Server and Gateway instances as follows.
    1. Configure Portal Server 2 to point to Directory Server 2 rather than Directory Server 1.

      2. For brevity, in this and succeeding steps, "Portal Server 2" will mean Portal Server 2 through Portal Server n.

    2. Configure Gateway 2 to point to Directory Server 2 rather than Directory Server 1.

      3. For brevity, in this and succeeding steps, "Gateway 2" will mean Gateway 2 through Gateway n.

  3. Upgrade Portal Server 1.
    1. Disable Portal Server 1 in Load Balancer B.

      2. Requests will no longer be routed to Portal Server 1.

    2. Disable Directory Server MMR.

      3. Directory Server 2 will no longer by synchronized with Directory Server 1.

    3. Upgrade Access Manager SDK 1B to Release 5U1.

      4. Use the procedure in Release 4 Access Manager SDK-only Upgrades.

    4. Upgrade Portal Server 1 to Release 5U1.

      5. Perform the upgrade of the Portal Server instance as described in Release 4 Portal Server Secure Remote Access Upgrade, noting the following:

      • Make special note of the following pre-upgrade task: Remove Configuration for Load Balancer.
      • Confirm, before performing the upgrade, that the value of am.encryption.pwd in the AccessManagerConfig-base/config/AMConfig.properties file is the same for the local Access Manager SDK as for its associated remote Access Manager instance.
      • Make sure that you provide a non-null, unique value for the Portal Instance ID parameter requested by psupgrade for each Portal Server instance that you are upgrading.

        • Portal Server data for Directory Server 1 is updated to Release 5U1.

  4. Upgrade Gateway 1.
    1. Disable Gateway 1 in Load Balancer C.

      2. Requests will no longer be routed to Gateway 1.

    2. Upgrade Access Manager SDK 1A to Release 5U1.

      3. Use the procedure in Release 4 Access Manager SDK-only Upgrades.

    3. Upgrade Gateway 1 to Release 5U1.

      4. Perform the upgrade of Gateway as described in Release 4 Portal Server Secure Remote Access Upgrade, noting the following:

      • Make special note of the following pre-upgrade task: Remove Configuration for Load Balancer.
      • Confirm, before performing the upgrade, that the value of am.encryption.pwd in the AccessManagerConfig-base/config/AMConfig.properties file is the same for the local Access Manager SDK as for its associated remote Access Manager instance.
  5. Enable the previously disabled Portal Server 1 and Gateway 1 in their respective load balancers, as follows:
    1. Enable Portal Server 1 in Load Balancer B.

      2. Requests will be once again routed to Portal Server 1.

    2. Enable Gateway 1 in Load Balancer C.

      3. Requests will be once again routed to Gateway 1.

  6. Disable Portal Server 2 and Gateway 2 in their respective load balancers, as follows:
    1. Disable Portal Server 2 in Load Balancer B.

      2. Requests will no longer be routed to Portal Server 2.

    2. Disable Gateway 2 in Load Balancer C.

      3. Requests will no longer be routed to Gateway 2.

  7. Upgrade Portal Server 2.
    1. Restore the configuration of Portal Server 2 to point to Directory Server 1.
    2. Upgrade Access Manager SDK 2B to Release 5U1.

      3. Use the procedure in Release 4 Access Manager SDK-only Upgrades.

    3. Upgrade Portal Server 2 to Release 5U1.

      4. Use the same procedure as in Upgrade Portal Server 1, Step d.

    4. Enable Portal Server 2 in Load Balancer B.

      5. Requests will be once again routed to Portal Server 2.

  8. Upgrade Gateway 2.
    1. Restore the configuration of Gateway 2 to point to Directory Server 1.
    2. Upgrade Access Manager SDK 2A to Release 5U1.

      3. Use the procedure in Release 4 Access Manager SDK-only Upgrades.

    3. Upgrade Gateway 2 to Release 5U1.

      4. Use the same procedure as in Upgrade Gateway 1, Step c.

    4. Enable Gateway 2 in Load Balancer C.

      5. Requests will be once again routed to Gateway 2.

  9. Enable Directory Server MMR.

    10. The Portal Server data for Directory Server 2, is now synchronized with Directory Server 1.

    Note

    In rolling upgrades scenarios in which Portal Server instances are being upgraded to Release 5U1 while earlier releases of the Gateway component remain active (which is not the case in the above procedure), and in which Gateway instances are accessed through a load balancer, you should check for all Gateway instances that the following configuration properties in the PortalServer6Config-base/GWConfig.properties file and GWConfig-default.properties file reference the Gateway and not the load balancer:

    GW_IP=Gateway_hostIP
    GW_HOST=Gateway_hostName

    If these properties point to the load balancer, the Gateway will no longer access upgraded Portal Server instances.

Upgrading Portal Server Secure Remote Access from Java ES Release 3

The procedure for upgrading Java ES 2005Q1 (Release 3) Portal Server Secure Remote Access to Release 5U1 is the same as that for upgrading Release 4 Portal Server Secure Remote Access to Release 5U1, with the following exceptions:

Upgrading Portal Server Secure Remote Access Dependencies

However, when upgrading Portal Server Secure Remote Access from Release 3, you have to upgrade Access Manager to Release 4 or to Release 5U1 before upgrading Portal Server Secure Remote Access, and you cannot leave any other dependencies at Release 3, nor upgrade some dependencies to Release 4 and others to Release 5U1. For more information, see Selective Upgrade Issues.

The following dependencies need to be upgraded in the order shown below.

  1. Shared Components.  Instructions for upgrading Java ES shared components to Release 5U1 are provided in Chapter 2, "Upgrading Java ES Shared Components".
  2. Directory Server.  Instructions for upgrading Directory Server to Release 5U1 are provided in Upgrading Directory Server from Java ES Release 2.
  3. Access Manager (Access Manager SDK).  Instructions for upgrading Access Manager to Release 5U1 are provided in Chapter 14, "Access Manager".
  4. Portal Server.   Instructions for upgrading Portal Server are provided in Chapter 15, "Portal Server".

Upgrading Release 3 Portal Server Secure Remote Access

To upgrade Release 3 Portal Server Secure Remote Access to Release 5U1, use the instructions in Upgrading Portal Server Secure Remote Access from Java ES Release 4, except substitute Release 3 wherever Release 4 is referenced.

Multiple Instance Upgrades

In some deployment architectures Portal Server Secure Remote Access components, such as Gateway, are deployed on multiple computer systems to provide for security and scalability and to improve availability. For example, you might have Gateway components running on multiple computers with a load balancer to distribute the load.

When performing multiple instance upgrades from Release 3 Portal Server Secure Remote Access, use the procedure documented in Multiple Instance Upgrades, except replace "Release 4" with "Release 3" wherever Release 4 is referenced. You must also upgrade Access Manager, as described in Step 1.

Upgrading Portal Server Secure Remote Access from Java ES Release 2

Direct upgrade of Java ES 2004Q2 (Release 2) Portal Server Secure Remote Access to Release 5U1 is not supported.

However you can perform this upgrade by first upgrading Release 2 Portal Server Secure Remote Access to Release 5 (as documented in the Java Enterprise System 5 Update 1 Upgrade Guide for UNIX, http://docs.sun.com/doc/819-6553:) and then upgrading Release 5 Portal Server Secure Remote Access to Release 5U1 (as documented in Upgrading Portal Server Secure Remote Access from Java ES 5).

Upgrading Portal Server Secure Remote Access from the Interim Feature Release 7.0

This section includes information about upgrading Portal Server Secure Remote Access from the Interim Feature Release (IFR) 7.0 2005Q4 to Java ES 5 Update 1 (Release 5U1).

The section covers the following topics:

Introduction

When upgrading Portal Server Secure Remote Access IFR 7.0 to Release 5U1, consider the following aspects of the upgrade process:

Portal Server Secure Remote Access IFR 7.0 Upgrade

This section describes how to perform an upgrade of Portal Server Secure Remote Access from the IFR to Release 5U1 on both the Solaris and Linux platform. Where a topic depends on platform-specific procedures, the topic will indicate the operating system to which it applies. The section covers the following topics:

Pre-Upgrade Tasks

Pre-upgrade tasks for the IFR upgrade are the same as for the Release 4 upgrade (see Release 4 Pre-Upgrade Tasks), except for the section, Obtain Required Configuration Information and Passwords:

Information is requested by both the psupgrade and psupdate scripts that are used in upgrading from Portal Server Secure Remote Access IFR:

Upgrading Portal Server Secure Remote Access IFR 7.0 (Solaris)

This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access followed by a description of the procedure itself.

IFR 7 Upgrade Considerations (Solaris)

The Portal Server Secure Remote Access IFR upgrade to Release 5U1 takes into account the same considerations as the Release 4 upgrade (see Upgrade Considerations (Solaris)).

IFR 7 Upgrade Procedure (Solaris)

The procedure documented below applies to Portal Server Secure Remote Access on the computer where the upgrade is taking place.

  1. Log in as root or become superuser.

    2. su -

  2. Stop any instances of the Gateway, Rewriter Proxy, or Netlet Proxy that are running locally.

    3. PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser
       -f     passwordFile -t gateway -N gatewayProfileName

    PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser
       -f     passwordFile -t rwproxy -N gatewayProfileName

    PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser
       -f     passwordFile -t nlproxy -N gatewayProfileName

    Check that the processes have stopped:

    Gateway: netstat -an | grep 443
    Rewriter Proxy: netstat -an | grep 10443
    Netlet Proxy: netstat -an | grep 10555

  3. Make sure Access Manager is running.
  4. Apply the required Portal Server Secure Remote Access 7.1 patches.
    1. Obtain the required patches, based on Table 16-8.

      2. Always use the latest patch revisions available, unless directed to use a specific revision.

      Patches can be downloaded to /workingDirectory from: http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access

    2. Apply the appropriate Portal Server patch and, if needed, localization patch.

      3. patchadd /workingDirectory/patch_ID

      Be sure to consult the README.patch_ID file for additional patch installation instructions.

    3. Confirm that the patch upgrades were successful:

      4. showrev -p | grep patch_ID

      The output should return the versions of patch IDs applied in Step b.

  5. Apply the required Release 5U1 patch.
    1. Obtain the required patch, based on Table 16-5.

      2. To obtain the patch, see Accessing Java ES Patches. Patches can be downloaded to /workingDirectory.

    2. Apply the appropriate Portal Server patch and, if needed, localization patch in Table 16-5.

      3. patchadd /workingDirectory/patch_ID

      Be sure to consult the README.patch_ID file for additional patch installation instructions.

    3. Confirm that the patch upgrades were successful:

      4. showrev -p | grep patch_ID

      The output should return the versions of patch IDs applied in Step b.

  6. Set two environment variables (ANT_HOME and JAVA_HOME) needed by the psupgrade script:

    7. export ANT_HOME=/usr/sfw
    export JAVA_HOME=/usr/jdk/entsys-j2se

  7. Make sure you have adequate swap space on your computer.

    8. As a guideline, the swap space should be set to twice the amount of physical ram.

  8. Run the psupgrade script.

    9. cd PortalServer7-base/bin
    ./psupgrade

    The psupgrade script is not run from the Java ES 5 Update 1 distribution and does not invoke the Java ES installer (the packages were already patched).

  9. Run the psupdate script.

    10. cd PortalServer7-base/bin
    ./psupdate -a

    If the psupdate command fails on the Solaris 10 platform, modify the value of LD_LIBRARY_PATH to remove /usr/lib (or prepend /usr/lib/mps/sasl2) and then run the psupdate script again.

    The script requests you to input additional information needed to upgrade Portal Server Secure Remote Access (see Obtain Required Configuration Information and Passwords).

    Note

    Be sure you enter correct values for psupdate parameters, as you can't go back and change them, and it is also very difficult to roll back changes made by the psupdate script.

  10. Restart Common Agent Container, if it has not been upgraded to Release 5U1 and restarted as part of that upgrade.

    11. rel5CAC-admin-dir/bin/cacaoadm stop
    rel5CAC-admin-dir/bin/cacaoadm start

Upgrading Portal Server Secure Remote Access IFR 7.0 (Linux)

This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access followed by a description of the procedure itself.

IFR 7 Upgrade Considerations (Linux)

The upgrade of Portal Server Secure Remote Access software to Release 5U1 on the Linux platform takes into account the same considerations as on the Solaris platform (see Upgrade Considerations (Solaris)), except that installing Linux patches removes the previous RPMs.

IFR 7 Upgrade Procedure (Linux)

The procedure documented below applies to Portal Server Secure Remote Access on the computer where the upgrade is taking place.

Caution

An upgrade from Portal Server Secure Remote Access IFR to Release 5U1 on Linux cannot be rolled back. Make sure you back up your system before performing the following procedure.

  1. Log in as root or become superuser.

    2. su -

  2. Stop any instances of the Gateway, Rewriter Proxy, or Netlet Proxy that are running locally.

    3. PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser
       -f     passwordFile -t gateway -N gatewayProfileName

    PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser
       -f     passwordFile -t rwproxy -N gatewayProfileName

    PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser
       -f     passwordFile -t nlproxy -N gatewayProfileName

    Check that the processes have stopped:

    Gateway: netstat -an | grep 443
    Rewriter Proxy: netstat -an | grep 10443
    Netlet Proxy: netstat -an | grep 10555

  3. Make sure Access Manager is running.
  4. Apply the required Portal Server Secure Remote Access 7.1 patches.
    1. Obtain the required patches using the patch numbers from Table 16-8.

      2. Always use the latest patch revisions available, unless directed to use a specific revision.

      Patches can be downloaded to /workingDirectory from: http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access

    2. Apply the Portal Server Secure Remote Access patch and, if needed, localization RPMs for Portal Server Secure Remote Access in Table 16-8, in that order.

      3. See the Readme file for the Portal Server patch, which describes how to use a script to apply the patch's RPMs:

      cd /workingDirectory

      where /workingDirectory is the directory to which you download the patch.

      ./upgradeportalrpm

      The update script installs the RPM's.

      For the localization patch, install each RPM using the following command:

      rpm -Fvh patchName-version.rpm

      Be sure to consult the README.patch_ID file for additional patch installation instructions.

    3. Confirm that the patch upgrade was successful:

      4. rpm -qa | grep sun-portal

      The upgrade revision numbers of the RPMs should be returned.

  5. Apply the required Release 5U1 patch.
    1. Obtain the latest Portal Server upgrade patches, based on Table 16-6.

      2. To obtain the patch, see Accessing Java ES Patches. Patches can be downloaded to /workingDirectory.

    2. Apply the core and, if needed, localization patch for Portal Server Secure Remote Access in Table 16-6, in that order.

      3. cd /workingDirectory/patch_ID
      ./update

    3. Confirm that the patch upgrades were successful.

      4. rpm -qa | grep sun-portal

      The new version numbers of the RPMs should be returned.

  6. Set two environment variables (ANT_HOME and JAVA_HOME) needed by the psupgrade script:

    7. export ANT_HOME=/opt/sun
    export JAVA_HOME=/usr/jdk/entsys-j2se

  7. Make sure you have adequate swap space on your computer.

    8. As a guideline, the swap space should be set to twice the amount of physical ram.

  8. Run the psupgrade script.

    9. cd PortalServer7-base/bin
    ./psupgrade

    The psupgrade script is not run from the Java ES 5 Update 1 distribution and does not invoke the Java ES installer (the packages were already patched).

  9. Run the psupdate script.

    10. cd PortalServer7-base/bin
    ./psupdate -a

    The script requests you to input additional information needed to upgrade Portal Server Secure Remote Access (see Obtain Required Configuration Information and Passwords).

    The information requested for psupdate is specified in Obtain Required Configuration Information and Passwords.

    Note

    Be sure you enter correct values for psupdate parameters, as you can't go back and change them, and it is also very difficult to roll back changes made by the psupdate script.

  10. Restart Common Agent Container, if it has not been upgraded to Release 5U1 and restarted as part of that upgrade.

    11. rel5CAC-admin-dir/bin/cacaoadm stop
    rel5CAC-admin-dir/bin/cacaoadm start

Verifying the Upgrade

You can verify the patching of Portal Server Secure Remote Access packages to Release 5U1 using the following command:

See Table 16-7 for output values.

You can also check the upgrade log files at:

/var/sadm/install/logs/Sun_Java_System_Portal_Server_upgrade.0.0.log

Post-Upgrade Tasks

There are no post-upgrade tasks required when upgrading Portal Server Secure Remote Access to Release 5U1.

Rolling Back the Upgrade (Solaris)

This section describes considerations that impact the upgrade rollback procedure for Portal Server Secure Remote Access followed by the procedure itself.

Rollback Considerations (Solaris)

The procedure for rolling back the upgrade to Release 5U1 consists of reverting back to the IFR installation at PortalServer7-base.

Rollback Procedure (Solaris)
  1. Log in as root or become superuser.

    2. su -

  2. Restore Directory Server to the state it was in before upgrade.

    3. Use the Directory Server backup/restore command line and GUI utilities. See the Directory Server Backup and Restore chapter of the Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide, http://docs.sun.com/doc/819-0995.

  3. Remove the appropriate Release 5U1 core and, if needed, localization patches in Table 16-5, in that order.

    4. patchrm patch_ID

  4. Run the psupdate script for the appropriate Portal Server Secure Remote Access core patch.

    5. cd PortalServer7Data-base/psupdate.patch_ID
    ./psupdate -r

    If the psupdate command fails on the Solaris 10 platform, modify the value of LD_LIBRARY_PATH to remove /usr/lib (or prepend /usr/lib/mps/sasl2) and then run the psupdate script again.

  5. Back out the Portal Server Secure Remote Access 7.1 patch in Table 16-8.

    6. patchrm patch_ID

Rolling Back the Upgrade (Linux)

On the Linux platform there is no procedure for rolling back the upgrade.

Multiple Instance Upgrades

In some deployment architectures Portal Server Secure Remote Access is deployed on multiple computer systems to provide for scalability and to improve availability. For example, you might have Portal Server Secure Remote Access components running on multiple computers with a load balancer to distribute the load.

In the case of load-balanced instances of Portal Server Secure Remote Access, you can perform a rolling upgrade in which you upgrade the Portal Server Secure Remote Access instances sequentially without interrupting service. You upgrade each instance of Portal Server Secure Remote Access while the others remain running. You perform the upgrade of each instance as described in Portal Server Secure Remote Access IFR 7.0 Upgrade.

When performing multiple instance upgrades from IFR Portal Server Secure Remote Access, use the procedure documented in Multiple Instance Upgrades, except replace "Release 4" with "IFR" wherever Release 4 is referenced. You must also upgrade Access Manager, as described in Step 1.



Previous      Contents      Index      Next     

Part No: 820-2510-10
November 2007.   Copyright 2004 Sun Microsystems, Inc. All rights reserved.