Upgrading Multiple Instances of Access Manager

The following sections describe procedures when upgrading multiple instances of Access Manager.

• Preliminary Steps For Upgrading Multiple Instances of Access Manager

• Upgrading Multiple Instances of Access Manager 7.1

• Upgrading Multiple Access Manager 7 2005Q4 Server Instances

• Implementing Session Failover After Upgrades

Preliminary Steps For Upgrading Multiple Instances of Access Manager

Follow the instructions in OpenSSO Enterprise 8.0 Preliminary Upgrade Steps and Collecting Data Required for Upgrade to complete the preliminary steps.

Upgrading Multiple Instances of Access Manager 7.1

Upgrading multiple instances of Access Manager 7.1 is based on coexistence: an instance of OpenSSO Enterprise 8.0 can coexist with instances of Access Manager 7.1 in the same deployment and can concurrently access the Access Manager 7.1 schema in Directory Server. Thus, upgrade the instances one at a time. Upgrading multiple instances of Access Manager 7.1 is supported when:

• Two or more Access Manager 7.1 instances are deployed in supported web containers on different hosts behind a load balancer. The instances were deployed either by running the Sun Java Enterprise System installer (package based installation) or from a WAR file.

  ---

  Note –

  If Access Manager 7.1 was deployed from a WAR file, the configuration data store must be in Sun Java System Directory Server and not in the Flat File System.

  ---

• The configuration data store is in Sun Java System Directory Server; the Directory Server is set up for multi-master replication.

  ---

  Note –

  If multiple Access Manager 7.1 instances point to a configuration data store in a single Directory Server instance, first upgrade all Access Manager 7.1 instances sequentially and then upgrade the Directory Server schema.

  ---

To Upgrade Multiple Access Manager 7.1 Server Instances With Directory Server Configured For MMR

Before You Begin

Follow the instructions in OpenSSO Enterprise 8.0 Preliminary Upgrade Steps and Collecting Data Required for Upgrade to complete the preliminary steps.

1. Back up the Access Manager 7.1 files as described in Backing Up Existing Access Manager or Federation Manager Files.

2. Upgrade the first Access Manager 7.1 instance using the following sub procedure.

   1. Disable the Access Manager 7.1 instance in the load balancer.

      Requests will no longer be routed to this instance.

   2. Upgrade the first Access Manager instance as described in Upgrading to OpenSSO Enterprise 8.0.

   3. Enable the upgraded OpenSSO Enterprise 8.0 instance in the load balancer.

      Requests will once again be routed to this instance.

3. Follow the same procedure for all other Access Manager 7.1 instances in the deployment sequentially:

4. Upgrade the Directory Server schema as described in Upgrading the Existing Access Manager or Federation Manager Schema.

   Requests will now be routed through the load balancer to all upgraded OpenSSO Enterprise 8.0 instances in the deployment using the upgraded schema in Directory Server.

Upgrading Multiple Access Manager 7 2005Q4 Server Instances

Instances of OpenSSO Enterprise 8.0 cannot coexist in the same deployment with the Access Manager 7 2005Q4 Directory Server schema. However, if Directory Server is set up for multi-master replication, you can upgrade. Upgrading multiple instances of these earlier versions of Access Manager is supported when:

• Two or more Access Manager 7 2005Q4 instances are deployed in supported web containers behind a load balancer. The instances were deployed by running the Sun Java Enterprise System installer (package based installation).

• The configuration data store is in Sun Java System Directory Server, which is set up for multi-master replication.

  ---

  Note –

  If multiple Access Manager 7 2005Q4 instances point to a configuration data store in a single Directory Server instance, first upgrade all Access Manager instances sequentially and then upgrade the Directory Server schema.

  ---

If the Directory Server is not configured for multi-master replication, you cannot perform a rolling upgrade. Therefore, there will be downtime while upgrading the Directory Server schema.

To Upgrade Multiple Instances of Access Manager 7 2005Q4 With Directory Server Configured For Multi-Master Replication

This procedure assumes two instances of Directory Server.

Before You Begin

Follow the instructions in OpenSSO Enterprise 8.0 Preliminary Upgrade Steps and Collecting Data Required for Upgrade to complete the preliminary steps.

1. Modify the configuration for the first Access Manager instance so that it points to the second Directory Server instance rather than the first Directory Server instance.

2. Restart the first Access Manager instance.

   The first Access Manager instance will continue handling requests while you upgrade the other Access Manager instances in the deployment.

3. Upgrade all other instances of Access Manager sequentially using the following sub procedure.

   1. Disable the Access Manager instance in the load balancer.

      Requests will no longer be routed to this instance.

   2. Upgrade the Access Manager instance as described in Upgrading to OpenSSO Enterprise 8.0.

   3. Disable Directory Server MMR in the first instance of Directory Server.

   4. Update the schema for the first Directory Server instance as described in Upgrading the Existing Access Manager or Federation Manager Schema.

   5. Restart the upgraded OpenSSO Enterprise 8.0 instance.

   6. Enable the upgraded OpenSSO Enterprise 8.0 instance in the load balancer.

      Requests once again will be routed to this instance.

4. Upgrade the first Access Manager instance.

   1. Disable the first Access Manager instance in the load balancer.

      Requests will no longer be routed to this instance.

   2. Upgrade the first Access Manager instance as described in Upgrading to OpenSSO Enterprise 8.0.

   3. Enable Directory Server MMR in the first instance of Directory Server.

      The schema for the second Directory Server instance is now updated to the OpenSSO Enterprise 8.0 schema (as well as any other Directory Server instances).

   4. Restore the configuration of the first upgraded OpenSSO Enterprise 8.0 instance to point to the first Directory Server instance.

   5. Restart the first upgraded OpenSSO Enterprise 8.0 instance.

   6. Enable the first upgraded OpenSSO Enterprise 8.0 instance in the load balancer.

   Requests will be routed through the load balancer to all upgraded OpenSSO Enterprise 8.0 instances in the deployment, using the upgraded schema in Directory Server.

Implementing Session Failover After Upgrades

Information on implementing session failover after upgrading multiple instances to OpenSSO Enterprise 8.0 can be found in Chapter 8, Implementing OpenSSO Enterprise Session Failover, in Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.