This chapter contains the following sections:
Section 8.2, "Verify That Your Environment is Properly Configured for OIA"
Section 8.3, "Create Upgrade Directories and Set Environment Variables"
Section 8.6, "Upgrade the OIA Schema on the Database Server"
Section 8.7, "Upgrade the Oracle Identity Analytics Environment"
Section 8.8, "Complete the Post-Upgrade Steps in a Test Environment"
Create a test environment similar to the production environment. Replicate the following items from the production environment using the same hardware and software versions:
Application server
Database server
Web server (optional component)
Common client machine with the corporate image and browser
Resources and other integrated applications
Oracle Identity Analytics version and configuration
In replicating your production environment you should have set the RBACX_HOME environment variable and configured your JVM options. Before you upgrade, verify that these important settings are correct in your test environment.
Before upgrading Oracle Identity Analytics verify that the RBACX_HOME environment variable has been permanently created and is set to the directory where you will install Oracle Identity Analytics. To create a permanent environment variable, refer to your operating system documentation for instructions.
Note:
A permanent $RBACX_HOME environment variable should be created under the application server's owner profile. Oracle Identity Analytics deployment will fail if RBACX_HOME is declared in a profile inaccessible by the application server.
For a clustered deployment, the $RBACX_HOME environment variable needs to be created on every cluster member.
Refer to your application server's documentation for information about configuring JVM options.
You should determine your memory need and set values in your application server's JVM accordingly. The recommended memory settings are as follows:
-Xmx2048m -Xms2048m
Depending on your specific implementation, you might need to increase these recommended values if you face performance issues with the web interface. Keeping a low minimum value minimizes garbage collection, whereas keeping a higher value decreases response time in the web interface.
IPv4 is required by Oracle Identity Analytics for network communication. If necessary, add the following JVM option to enforce IPv4 preference over IPv6:
-Djava.net.preferIPv4Stack=true
Also, ensure that your OS is configured to use IPv4. Refer to your operating system documentation for instructions to enable the IPv4 stack.
Complete these steps in preparation for upgrading your software.
Create a directory named OIA_Upgrade.
For example:
Windows - C:\OIA_Upgrade
UNIX - /opt/OIA_Upgrade
Unpack the Oracle Identity Analytics installation package (the upgrade software) to the OIA_Upgrade directory.
Windows:
unzip oia_install_package.zip -d OIA_Upgrade
UNIX:
unzip oia_install_package.zip -d OIA_Upgrade
Verify that the Oracle Identity Analytics folder structure was properly created.
The directory should consist of at least the following folders and files.
Create a directory named OIA_Temp.
This is the directory to which you will later extract the rbacx.war file. Here you will make configuration changes (as needed) prior to recreating the rbacx.war file.
For example:
Windows - C:\OIA_Temp
UNIX - /opt/OIA_Temp
Create a directory named OIA_Lib.
Later in Section 8.4, "Download Third-party Library Files" you will copy or download external and third-party files to this location.
For example:
Windows - C:\OIA_Lib
UNIX - /opt/OIA_Lib
Set the following environment variables in your test environment.
Windows:
Type the following commands at a command prompt:
set INSPATH=Path to the OIA_Upgrade directory
For example: set INSPATH=C:\OIA_Upgrade
set TEMP=Path to the OIA_Temp directory
For example: set TEMP=C:\OIA_Temp
set OIA_LIB=Path to the OIA_Lib directory
For example: set OIA_LIB=C:\OIA_Lib
set RBACXWAR=Path to the Oracle Identity Analytics deployment directory
This is where the updated rbacx.war file you create will be placed.
For example: set RBACXWAR=application server install directory\webapps
UNIX:
Type the following commands at a command prompt:
export INSPATH=Path to the OIA_Upgrade directory
For example: export INSPATH=/opt/OIA_Upgrade
export TEMP=Path to the OIA_Temp directory
For example: export TEMP=/opt/OIA_Temp
export OIA_LIB=Path to the OIA_Lib directory
For example: export OIA_LIB=/opt/OIA_Lib
export RBACXWAR=Path to the Oracle Identity Analytics deployment directory
This is where the updated rbacx.war file you create will be placed.
For example: export RBACXWAR=application server install directory/webapps
Prior to upgrading, download or copy the files in this section. Save the files to the OIA_LIB library folder that you created in Section 8.3.1, "Create the Directories Needed During the Upgrade Process."
For Oracle Database Server, download from the Oracle website the ojdbc5.jar driver if using JDK 1.5, and download the ojdbc6.jar driver if using JDK 1.6. The JDBC driver file you choose needs to support both the JDK version you are running, as well as the backend Oracle database instance version.
This file is required by the Oracle Identity Analytics certification and reporting feature.
Download the jasper-jdt.jar file and paste it to the OIA_LIB folder:
http://tomcat.apache.org/dev/dist/m2-repository/org/apache/tomcat/jasper-jdt/6.0.18/
OIA uses CloverETL for data import and export transformations.
Download the CloverETL Engine class files, version 1.8.1 from this site:
http://download.berlios.de/cloveretl/cloverETL.rel-1-8-1.zip
Next, complete the following steps to convert the library file to a JAR file.
Before You Begin - You will need the unzip utility and at least a Java 5 JDK.
Create a working directory named files and then open the directory:
mkdir files
cd files
Check the integrity of the .zip file and then expand it:
unzip -tq ../cloverETL.rel-1-8-1.zip
unzip -q ../cloverETL.rel-1-8-1.zip
Remove the log4j.properties file to prevent a file conflict in OIA:
rm log4j.properties
Go to the parent directory:
cd ..
Create the JAR manifest input file clover.mf, which consists of these lines:
Implementation-Version: 1.8.1 Implementation-Title: jETeL/Clover Implementation-URL: http://download.berlios.de/cloveretl/cloverETL.rel-1-8-1.zip Implementation-Vendor-Id: org.jetel
Create the JAR file:
jar -cf cloverETL-1.8.1.jar -m clover.mf -C files .
Copy the cloverETL-1.8.1.jar file to the OIA_LIB folder.
OIA uses the Java-Excel API to import data from an Excel spreadsheet file.
Download the jxl-2.5.9.jar file from this site:
OIA uses the Web Services Description Language for Java Toolkit (WSDL4J.jar) for provisioning server integration, among other things. If you are using Oracle Identity Analytics Web Services, download the WSDL4J JAR file.
Download the wsdl4j-bin-1.6.1.zip file from this site:
http://sourceforge.net/projects/wsdl4j/files/WSDL4J/1.6.1/
Next, follow these steps to extract the wsdl4j.jar file and copy it to the OIA_LIB folder.
Verify the zip file was downloaded without errors:
Windows:
unzip -tq wsdl4j-bin-1.6.1.zip
UNIX:
unzip -tq wsdl4j-bin-1.6.1.zip
Extract the wsdl4j.jar file:
Windows:
unzip -q wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1\lib\wsdl4j.jar
UNIX:
unzip -q wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1/lib/wsdl4j.jar
Copy the JAR file to the OIA_LIB folder and rename it to include the version number:
Windows:
move wsdl4j-1_6_1\lib\wsdl4j.jar %OIA_LIB%\wsdl4j-1.6.1.jar
UNIX:
mv wsdl4j-1_6_1/lib/wsdl4j.jar $OIA_LIB/wsdl4j-1.6.1.jar
Clean up:
Windows:
del /F wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1\
UNIX:
rm -fr wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1/
Before upgrading the Oracle Identity Analytics installation in the test environment, do the following:
Before You Begin - Shut down the Oracle Identity Analytics instance running on the system before backing up your files.
Back up the current Oracle Identity Analytics installation
Before upgrading, back up the Oracle Identity Analytics database and the directory where Oracle Identity Analytics is installed. Use third-party backup software or a backup utility supplied with the operating system to back up the Oracle Identity Analytics file system. To back up the database, refer to the documentation provided by your database vendor.
Back up customized Oracle Identity Analytics repository objects
Oracle Identity Analytics provides a set of database objects, such as workflow task definitions, that are usually customized for an environment. The upgrade process replaces some of these objects in the database after saving them in the file system.
Verify the environment
Before upgrading Oracle Identity Analytics in the test environment, verify the following:
All servers are present on the network
The schema is up-to-date
The location of the Oracle Identity Analytics application is correct
Before you upgrade the Oracle Identity Analytics software, upgrade the schema on the database server.
This section is organized as follows:
Section 8.6.1, "To Upgrade the OIA Schema on the Database Server on a Windows Platform"
Section 8.6.2, "To Upgrade the OIA Schema on the Database Server on a UNIX Platform"
Before You Begin - You should have created a backup of the Oracle Identity Analytics database.
You can upgrade the Oracle Identity Analytics schema using either the command prompt or the Oracle iSQL Plus Web Console (available in Oracle 10g Database Server). If the Oracle Database Server is not installed locally, use the iSQL Plus Web Console to upgrade the schema.
To upgrade the schema from a command prompt, follow these steps:
Stop the application server running Oracle Identity Analytics.
Navigate to the directory containing the upgrade scripts (C:\OIA_Upgrade\db\oracle) by typing:
C:\> cd C:\%OIA_Upgrade%\db\oracle
Run the following command(s) to execute the upgrade script(s):
C:\> sqlplus rbacxservice/rbacxservice @rbacx-previous_version_To_current_version_oracle.sql
To create the schema using the iSQL Plus Web Console, follow these steps:
Open the following URL in a web browser. The default port for the iSQL Plus Web Console is 5560.
http://hostname:5560/isqlplus
Select Load Script and browse to C:\%OIA_Upgrade%\db\oracle.
Locate the file rbacx-previous_version_To_current_version_oracle.sql and click Load.
Note:
For Oracle Identity Analytics 11gR1 PS1 the version number is 11.1.1.5.0.
The Oracle Identity Analytics upgrade schema creation script is loaded into the workspace window.
Click Execute.
The script is executed and the Oracle Identity Analytics schema is upgraded on the system.
Before You Begin - You should have created a backup of the Oracle Identity Analytics database.
You can upgrade the Oracle Identity Analytics schema using either the command prompt or the Oracle iSQL Plus Web Console (available in Oracle 10g Database Server). If the Oracle Database Server is not installed locally under the /opt directory, use the iSQL Plus Web Console to upgrade the schema.
Note:
For Oracle Identity Analytics 11gR1 PS1 the version number is 11.1.1.5.0.
To upgrade the schema from a command prompt, follow these steps:
Stop the application server running Oracle Identity Analytics.
Navigate to the directory containing the upgrade scripts (/opt/OIA_Upgrade/db) by typing:
$ su - oracle
$ export ORACLE_HOME=/opt/oracle/Path-to-Oracle-Database-Install-Directory
$ cd /opt/OIA_Upgrade/db/oracle
Run the following command(s) to execute the upgrade script(s):
$ ./sqlplus rbacxservice/rbacxservice @rbacx-previous_version_To_current_version_oracle.sql
The Oracle Identity Analytics database schema is upgraded on Oracle Database server.
To create the schema using the iSQL Plus Web Console, follow these steps:
Open the following URL in a web browser. The default port for the iSQL Plus Web Console is 5560.
http://hostname:5560/isqlplus
Select Load Script and browse to /opt/OIA_Upgrade/db/oracle.
Locate the file rbacx-previous_version_To_current_version_oracle.sql and click Load.
The Oracle Identity Analytics schema upgrade script is loaded into the workspace window.
Click Execute.
The script is executed and the Oracle Identity Analytics schema is upgraded on the system.
After upgrading the schema on the database server, upgrade your Oracle Identity Analytics software.
This section is organized as follows:
Section 8.7.1, "To Upgrade the Environment on a Windows Platform for a Standalone Deployment"
Section 8.7.2, "To Upgrade the Environment on a UNIX Platform for a Standalone Deployment"
Section 8.7.3, "To Upgrade the Environment on a Windows Platform for a Clustered Deployment"
Section 8.7.4, "To Upgrade the Environment on a UNIX Platform for a Clustered Deployment"
Use the following steps to upgrade Oracle Identity Analytics on a supported Windows platform.
Stop the application server.
Clear the cache on your application server.
For instructions, consult your application server documentation.
Note:
On WebLogic, delete the cache and tmp folders.
If there is a stage folder, delete \stage\rbacx as well. Or, if you changed the default application name, delete \stage\nameOfYourOiaApp.
Upgrade the report-related files in the RBACX_HOME\reports directory:
Remove the existing files from the RBACX_HOME\reports directory:
rmdir /s /q %RBACX_HOME%\reports
Copy the reports that are appropriate for your database to the RBACX_HOME\reports folder.
The following sample steps assume that the target database server is Oracle Database.
xcopy %INSPATH%\reports %RBACX_HOME%\reports /I/E
xcopy %RBACX_HOME%\reports\oracle * %RBACX_HOME%\reports
Upgrade the search-related files in the RBACX_HOME\.indexes directory:
Remove search-related files from the RBACX_HOME\.indexes directory:
rmdir /s /q %RBACX_HOME%\.indexes
Copy the files related to advanced search from the upgrade folder to the RBACX_HOME\.indexes folder:
xcopy %INSPATH%\.indexes %RBACX_HOME%\.indexes /I/E
Make changes to the following files located under the %INSPATH%\conf directory to reflect customizations as documented in Section 7.3, "Documenting Custom Components."
iam.properties - In a text editor, replace any occurrences of $RBACX_HOME with the Oracle Identity Analytics installation directory path.
jdbc.properties -
In a text editor, edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database.
Copy the JDBC account password from your current jdbc.properties file (%RBACX_HOME%\conf\jdbc.properties) to the new %INSPATH%\conf\jdbc.properties file. The JDBC account password for the default user rbacxservice is stored in the Oracle Identity Analytics jdbc.properties file as property jdbc.password.encrypted.
For example:
jdbc.password.encrypted=d579601be2566d0095865af775bf7371
Copying the JDBC account password is required to ensure that OIA starts successfully.
ldap.properties - Refer to the "Authenticating With LDAP" chapter in the System Integrator's Guide for Oracle Identity Analytics for information about LDAP customizations.
rm_idm_init.xml - This file (the SPML exchange file) is required by Oracle Identity Analytics to exchange and manage information with Oracle Waveset (Sun Identity Manager).
Replace the files in the RBACX_HOME\conf directory with the files you changed in the previous step:
Remove the conf directory from RBACX_HOME:
rmdir /s /q %RBACX_HOME%\conf
Copy the upgraded conf directory files to the RBACX_HOME directory:
xcopy %INSPATH%\conf %RBACX_HOME%\conf /I/E
Expand the rbacx.war file.
cd %TEMP%
jar -xvf %INSPATH%\rbacx.war
In the following steps you will make configuration changes to the expanded rbacx.war file.
If you are using CloverETL, enable it in the configuration as follows:
In a text editor, open WEB-INF/etl-context.xml and uncomment the etlManager bean definition.
In a text editor, open WEB-INF/iam-context.xml and uncomment the etlManager bean reference in the property list of the file bean definition.
Copy the downloaded third-party library files to the library directory in the expanded WAR file:
copy %OIA_LIB% %TEMP%\WEB-INF\lib
Apply any customizations necessary for the environment to the expanded .war file in the %TEMP% directory.
Update the log4j.properties file with the correct path for your environment.
Note:
If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.
In a text editor, open the log4j.properties file located in the %TEMP%\WEB-INF folder.
Locate the following line under # File Appender.
log4j.appender.file.file=logs\rbacx.log
Replace logs\rbacx.log with the full path to where the log file should be written.
For example, the line should look like this:
log4j.appender.file.file=C:\Oracle\OIA_Install\logs\rbacx.log
Update the jasper.properties file.
In a text editor, open the jasper.properties file located in the %TEMP%\WEB-INF\classes folder.
Add the following line to the end of the file:
net.sf.jasperreports.compiler.classpath=Path to your rbacx folder\rbacx\WEB-INF\lib\jasperreports-2.0.5-javaflow.jar
Note:
The path to the rbacx deployment folder will vary on the application server.
Make the following changes if there are multiple instances of Oracle Identity Analytics, standalone or clustered, on the same subnet.
Navigate to the %TEMP%\WEB-INF directory.
In a text editor, open application-context.xml, find bean ID commManager, and examine the constructor-arg value.
Set the constructor-arg value with a unique instance name, for example value="OIA-Instance-1".
In bean ID commManager, locate the constructor-arg index="1" value.
Replace the value with the IP address of each cluster member. This setting binds the multicast addresses to the IP addresses. In addition, add the enabled property and set it to true. For example:
<constructor-arg index="1" value="140.84.134.133;140.84.135.88"/> <property name="enabled" value="true"/>
Save the application-context.xml file.
In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.
If this is a standalone deployment, set the constructor-arg defaults to a value of 0, which is specified as value="0".
Navigate to the %TEMP%\WEB-INF\classes directory and do the following:
In a text editor, open oscache.properties (located in the %TEMP%\WEB-INF\classes directory), and find the cache.cluster.multicast.ip property.
Uncomment cache.cluster.multicast.ip by removing the # at the start of the line. Each Oracle Identity Analytics instance requires a unique cache.cluster.multicast.ip value.
Uncomment the following line by removing the # at the start of the line.
cache.event.listeners=com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener,com.opensymphony.oscache.extra.CacheMapAccessEventListenerImpl
If you are using OIA Web Services, uncomment its configuration.
See the API Guide for Oracle Identity Analytics, "Enabling Web Services."
Repackage the .war file in the %TEMP% directory if changes are made. Type the following commands in the test environment:
cd %TEMP%
jar -cvfM %RBACXWAR%\rbacx.war .
Uninstall Oracle Identity Analytics from the application server.
Deploy the rebuilt Oracle Identity Analytics .war file on the target application server.
Refer to Chapter 4, "Deploying Oracle Identity Analytics" for instructions about deploying Oracle Identity Analytics.
Start the application server.
Go to the following address in a browser:
https://Hostname:Port-Number/rbacx/welcome.action
When the Welcome screen appears, enter your rbacxadmin user name and password and verify that the installation is successful.
Open the rbacx.log file and check for errors.
The installation is successful if a message similar to the following appears in the rbacx.log file:
Oracle Identity Analytics(build: 11.1.1.5.0.201107nn_nn_nnnn) Started
Use the following steps to upgrade Oracle Identity Analytics manually on a supported UNIX platform.
Stop the application server.
Clear the cache on your application server.
For instructions, consult your application server documentation.
Note:
On WebLogic, delete the cache and tmp folders.
If there is a stage / staging folder, delete /stage/rbacx as well. Or, if you changed the default application name, delete /stage/nameOfYourOiaApp.
Upgrade the report-related files in the RBACX_HOME/reports directory:
Remove the existing files from the RBACX_HOME/reports directory:
/usr/bin/rm -f $RBACX_HOME/reports
Copy the reports that are appropriate for your database to the RBACX_HOME/reports folder.
The following sample steps assume that the target database server is Oracle Database.
cp -R $INSPATH/reports $RBACX_HOME/.
cp -R $RBACX_HOME/reports/oracle/* $RBACX_HOME/reports/.
Upgrade the search-related files in the RBACX_HOME/.indexes directory:
Remove search-related files from the RBACX_HOME/.indexes directory:
/usr/bin/rm -f $RBACX_HOME/.indexes
Copy the files related to advanced search from the upgrade folder to the RBACX_HOME/.indexes folder:
cp -R $INSPATH/.indexes $RBACX_HOME/.
Make changes to the following files located under the $INSPATH/conf directory to reflect customizations as documented in Section 7.3, "Documenting Custom Components."
iam.properties - In a text editor, replace any occurrences of $RBACX_HOME with the Oracle Identity Analytics installation directory path.
jdbc.properties -
In a text editor, edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database.
Copy the JDBC account password from your current jdbc.properties file ($RBACX_HOME/conf/jdbc.properties) to the new $INSPATH/conf/jdbc.properties file. The JDBC account password for the default user rbacxservice is stored in the Oracle Identity Analytics conf/jdbc.properties file as property jdbc.password.encrypted.
For example:
jdbc.password.encrypted=d579601be2566d0095865af775bf7371
OIA will not start if you do not use your existing JDBC account password.
ldap.properties - Refer to the "Authenticating With LDAP" chapter in the System Integrator's Guide for Oracle Identity Analytics for instructions on LDAP customizations.
rm_idm_init.xml - This file is required by Oracle Identity Analytics to exchange and manage information with Identity Manager.
Replace the files in the RBACX_HOME/conf directory with the files you changed in the previous step:
Remove the conf directory from RBACX_HOME:
/usr/bin/rm -f $RBACX_HOME/conf
Copy the upgraded conf directory files to the RBACX_HOME directory:
cp -R $INSPATH/conf $RBACX_HOME/.
Expand the rbacx.war file.
cd $TEMP
jar xvf $INSPATH/rbacx.war
In the following steps you will make configuration changes to the expanded rbacx.war file.
If you are using CloverETL, enable it in the configuration as follows:
In a text editor, open WEB-INF/etl-context.xml and uncomment the etlManager bean definition.
In a text editor, open WEB-INF/iam-context.xml and uncomment the etlManager bean reference in the property list of the file bean definition.
Copy the downloaded third-party library files to the library directory in the expanded WAR file:
cp $OIA_LIB/* $TEMP/WEB-INF/lib
Apply any customizations necessary for the environment to the extracted .war file in the $TEMP directory.
Update the log4j.properties file with the correct path for your environment.
Note:
If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.
In a text editor, open the log4j.properties file located in the $TEMP/WEB-INF folder.
Locate the following line under # File Appender.
log4j.appender.file.file=logs/rbacx.log
Replace logs/rbacx.log with the full path to where the log file should be written.
For example, the line should look like this:
log4j.appender.file.file=/opt/Oracle/OIA_Install/logs/rbacx.log
Update the jasper.properties file.
In a text editor, open the jasper.properties file located in the WEB-INF/classes folder.
Add the following line to the end of the file:
net.sf.jasperreports.compiler.classpath=Path to your rbacx folder/rbacx/WEB-INF/lib/jasperreports-2.0.5-javaflow.jar
Note:
The path to the rbacx deployment folder will vary on the application server.
Make the following changes if there are multiple instances of Oracle Identity Analytics, standalone or clustered, on the same subnet.
Navigate to the $TEMP/WEB-INF directory.
In a text editor, open application-context.xml, find bean ID commManager, and examine the constructor-arg value.
Set the constructor-arg value with a unique instance name, for example value="OIA-Instance-1".
In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.
If this is a standalone deployment, set the constructor-arg defaults to a value of 0, which is specified as value="0".
In bean ID commManager, locate the constructor-arg index="1" value.
Replace the value with the IP address of each cluster member. This setting binds the multicast addresses to the IP addresses. In addition, add the enabled property and set it to true. For example:
<constructor-arg index="1" value="140.84.134.133;140.84.135.88"/> <property name="enabled" value="true"/>
Save the application-context.xml file.
Navigate to the $TEMP/WEB-INF/classes directory and do the following:
In a text editor, open oscache.properties (located in the $TEMP/WEB-INF/classes directory), and find the cache.cluster.multicast.ip property.
Uncomment cache.cluster.multicast.ip by removing the # at the start of the line. Each Oracle Identity Analytics instance requires a unique cache.cluster.multicast.ip value.
Uncomment the following line by removing the # at the start of the line.
cache.event.listeners=com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener,com.opensymphony.oscache.extra.CacheMapAccessEventListenerImpl
If you are using OIA Web Services, uncomment its configuration.
See the API Guide for Oracle Identity Analytics, "Enabling Web Services."
Repackage the .war file in the $TEMP directory if you made changes.
Type the following commands in the test environment:
cd $TEMP
jar cvfM $RBACXWAR/rbacx.war .
Uninstall Oracle Identity Analytics from the application server.
Deploy the rebuilt Oracle Identity Analytics .war file on the target application server.
Refer to Chapter 4, "Deploying Oracle Identity Analytics" for more information.
Start the application server.
Go to the following address in a browser:
https://Hostname:Port-Number/rbacx/welcome.action
When the Welcome screen appears, enter your rbacxadmin user name and password and verify that the installation is successful.
Open the rbacx.log file and check for errors.
The installation is successful if a message similar to the following appears in the rbacx.log file:
Oracle Identity Analytics(build: 11.1.1.5.0.201107nn_nn_nnnn) Started
Use the following steps to upgrade Oracle Identity Analytics on a supported Windows platform.
Stop the application server.
Clear the cache on your application servers.
For instructions, consult your application server documentation.
Note:
On WebLogic, delete the cache and tmp folders.
If there is a stage (or staging) folder, delete \stage\rbacx as well. Or, if you changed the default application name, delete \stage\nameOfYourOiaApp.
Upgrade the report-related files in the RBACX_HOME\reports directory:
Remove the existing files from the RBACX_HOME\reports directory:
rmdir /s /q %RBACX_HOME%\reports
Copy the reports that are appropriate for your database to the RBACX_HOME\reports folder.
The following sample steps assume that the target database server is Oracle Database.
xcopy %INSPATH%\reports %RBACX_HOME%\reports /I/E
xcopy %RBACX_HOME%\reports\oracle * %RBACX_HOME%\reports
Upgrade the search-related files in the RBACX_HOME\.indexes directory:
Remove search-related files from the RBACX_HOME\.indexes directory:
rmdir /s /q %RBACX_HOME%\.indexes
Copy the files related to advanced search from the upgrade folder to the RBACX_HOME\.indexes folder:
xcopy %INSPATH%\.indexes %RBACX_HOME%\.indexes /I/E
Make changes to the following files located under %INSPATH%\conf directory to reflect customizations as documented in Section 7.3.1, "Documenting Custom File-System Objects":
iam.properties - In a text editor, replace any occurrences of $RBACX_HOME with the Oracle Identity Analytics installation directory path.
Note:
When the application server is clustered, the nodes can maintain localized import/export directories, or utilize import/export directories on a NFS share. If the nodes use a shared NFS location for import/export, substitute $RBACX_HOME with the path to the NFS share.
jdbc.properties
In a text editor, edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database. Refer to Section 3.5, "To Configure Oracle Identity Analytics for Standalone Deployment" for instructions.
Make the following change to jdbc.properties for clustered Quartz support:
jdbc.quartz.isClustered=true
Copy the JDBC account password from your current jdbc.properties file (%RBACX_HOME%\conf\jdbc.properties) to the new %INSPATH%\conf\jdbc.properties file. The JDBC account password for the default user rbacxservice is stored in the Oracle Identity Analytics conf\jdbc.properties file as property jdbc.password.encrypted.
For example:
jdbc.password.encrypted=d579601be2566d0095865af775bf7371
Copying the JDBC account password is required to ensure that OIA starts successfully.
Save the jdbc.properties file.
ldap.properties - Refer to the "Authenticating With LDAP" chapter in the System Integrator's Guide for Oracle Identity Analytics for instructions on LDAP customizations.
rm_idm_init.xml - This file is required by Oracle Identity Analytics to exchange and manage information with Identity Manager.
Replace the files in the RBACX_HOME\conf directory with the files you changed in the previous step:
Remove the conf directory from RBACX_HOME:
rmdir /s /q %RBACX_HOME%\conf
Copy the upgraded conf directory files to the RBACX_HOME directory:
xcopy %INSPATH%\conf %RBACX_HOME%\conf /I/E
Expand the rbacx.war file.
cd %TEMP%
jar -xvf %INSPATH%\rbacx.war
In the following steps you will make configuration changes to the expanded rbacx.war file.
If you are using CloverETL, enable it in the configuration as follows:
In a text editor, open WEB-INF/etl-context.xml and uncomment the etlManager bean definition.
In a text editor, open WEB-INF/iam-context.xml and uncomment the etlManager bean reference in the property list of the file bean definition.
Copy the downloaded third-party library files to the library directory in the expanded WAR file:
copy %OIA_LIB% %TEMP%\WEB-INF\lib
Apply any customizations necessary for the environment to the extracted .war file in the %TEMP% directory.
Update the log4j.properties file with the correct path for your environment.
Note:
If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.
In a text editor, open the log4j.properties file located in the %TEMP%\WEB-INF folder.
Locate the following line under # File Appender.
log4j.appender.file.file=logs\rbacx.log
Replace logs\rbacx.log with the full path to where the log file should be written.
For example, the line should look like this:
log4j.appender.file.file=C:\Oracle\OIA_Install\logs\rbacx.log
Update the jasper.properties file.
In a text editor, open the jasper.properties file located in the %TEMP%\WEB-INF\classes folder.
Add the following line to the end of the file:
net.sf.jasperreports.compiler.classpath=Path to your rbacx folder\rbacx\WEB-INF\lib\jasperreports-2.0.5-javaflow.jar
Note:
The path to the rbacx deployment folder will vary on the application server.
Make the following changes to enable Oracle Identity Analytics support for clustered application server deployments:
Navigate to the %TEMP%\WEB-INF directory.
In a text editor, open application-context.xml, find bean ID commManager, and examine the constructor-arg value.
Set the constructor-arg value as the cluster name---for example, value="Prod-1-Cluster".
If Oracle Identity Analytics is deployed on multiple clusters within the same subnet, you should define unique constructor-arg values for each deployment. For example, if both clusters Prod-Cluster and QA-Cluster have Oracle Identity Analytics deployed, the constructor-arg values of each should be set to Prod-Cluster and QA-Cluster respectively.
Members of the same cluster should have the same constructor-arg value.
In bean ID commManager, locate the constructor-arg index="1" value.
Replace the value with the IP address of each cluster member. This setting binds the multicast addresses to the IP addresses. In addition, add the enabled property and set it to true. For example:
<constructor-arg index="1" value="140.84.134.133;140.84.135.88"/> <property name="enabled" value="true"/>
Save the application-context.xml file.
In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.
For a clustered deployment, constructor-arg defaults to a value of 1 or 2 depending on the location of the .indexes directory.
To set the constructor-arg value, do the following:
If each clustered node will be accessing local individual .indexes directories, set constructor-arg to 1. For example, value="1".
If clustered nodes will be accessing a shared.indexes directory, set constructor-arg to 2. For example, value="2". The .indexes directory needs to be located on an NFS share location where each clustered node has read-write permission. Edit indexLocation such that the NFS share location replaces $RBACX_HOME in the value field.
If multiple instances of Oracle Identity Analytics, standalone or clustered, exist on the same subnet, navigate to the %TEMP%\WEB-INF\classes directory and do the following:
In a text editor, open oscache.properties (located in the %TEMP%\WEB-INF\classes directory), and find the cache.cluster.multicast.ip property.
Uncomment cache.cluster.multicast.ip by removing # at the start of the line. Each non-member instance requires a unique cache.cluster.multicast.ip value.
Uncomment the following line by removing the # at the start of the line.
cache.event.listeners=com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener,com.opensymphony.oscache.extra.CacheMapAccessEventListenerImpl
If you are using OIA Web Services, uncomment its configuration.
See the API Guide for Oracle Identity Analytics, "Enabling Web Services."
Repackage the .war file in the %TEMP% directory if changes are made. Type the following commands in the test environment:
cd %TEMP%
jar -cvfM %RBACXWAR%\rbacx.war .
Uninstall Oracle Identity Analytics from the application server.
Deploy the rebuilt Oracle Identity Analytics .war file on the target application server.
Refer to Chapter 4, "Deploying Oracle Identity Analytics" for instructions about Oracle Identity Analytics deployment.
Start the application server.
Go to the following address in a browser:
https://Hostname:Port-Number/rbacx/welcome.action
When the Welcome screen appears, enter your rbacxadmin user name and password and verify that the installation is successful.
Open the rbacx.log file and check for errors.
The installation is successful if a message similar to the following appears in the rbacx.log file:
Oracle Identity Analytics build: 11.1.1.5.0.201107nn_nn_nnnn) Started
Use the following steps to upgrade Oracle Identity Analytics manually on a supported UNIX platform.
Stop the application servers.
Clear the cache on your application servers.
For instructions, consult your application server documentation.
Note:
On WebLogic, delete the cache and tmp folders.
If there is a stage / staging folder, delete /stage/rbacx as well. Or, if you changed the default application name, delete /stage/nameOfYourOiaApp.
Upgrade the report-related files in the RBACX_HOME/reports directory:
Remove the existing files from the RBACX_HOME/reports directory:
/usr/bin/rm -f $RBACX_HOME/reports
Copy the reports that are appropriate for your database to the RBACX_HOME/reports folder.
The following sample steps assume that the target database server is Oracle Database.
cp -R $INSPATH/reports $RBACX_HOME/.
cp -R $RBACX_HOME/reports/oracle/* $RBACX_HOME/reports/.
Upgrade the search-related files in the RBACX_HOME/.indexes directory:
Remove search-related files from the RBACX_HOME/.indexes directory:
/usr/bin/rm -f $RBACX_HOME/.indexes
Copy the files related to advanced search from the upgrade folder to the RBACX_HOME/.indexes folder:
cp -R $INSPATH/.indexes $RBACX_HOME/.
Make changes to the following files located under the $INSPATH/conf directory to reflect customizations as documented in Section 7.3, "Documenting Custom Components."
iam.properties - In a text editor, replace any occurrences of $RBACX_HOME with the Oracle Identity Analytics installation directory path.
Note:
When the application server is clustered, the nodes can maintain localized import/export directories, or utilize import/export directories on a NFS share. If the nodes use a shared NFS location for import/export, substitute $RBACX_HOME with the path to the NFS share.
jdbc.properties -
In a text editor, edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database. Refer to Section 3.5, "To Configure Oracle Identity Analytics for Standalone Deployment" for instructions.
Copy the JDBC account password from your current jdbc.properties file ($RBACX_HOME/conf/jdbc.properties) to the new $INSPATH/conf/jdbc.properties file. The JDBC account password for the default user rbacxservice is stored in the Oracle Identity Analytics conf/jdbc.properties file as property jdbc.password.encrypted.
For example:
jdbc.password.encrypted=d579601be2566d0095865af775bf7371
Copying the JDBC account password is required to ensure that OIA starts successfully.
Make the following change to jdbc.properties for clustered Quartz support, and save the file:
jdbc.quartz.isClustered=true
ldap.properties - Refer to the "Authenticating With LDAP" chapter in the System Integrator's Guide for Oracle Identity Analytics for instructions on LDAP customizations.
rm_idm_init.xml - This file is required by Oracle Identity Analytics to exchange and manage information with Identity Manager.
Replace the files in the RBACX_HOME/conf directory with the files you changed in the previous step:
Remove the conf directory from RBACX_HOME:
/usr/bin/rm -f $RBACX_HOME/conf
Copy the upgraded conf directory files to the RBACX_HOME directory:
cp -R $INSPATH/conf $RBACX_HOME/.
Expand the rbacx.war file.
cd $TEMP
jar xvf $INSPATH/rbacx.war
In the following steps you will make configuration changes to the expanded rbacx.war file.
If you are using CloverETL, enable it in the configuration as follows:
In a text editor, open WEB-INF/etl-context.xml and uncomment the etlManager bean definition.
In a text editor, open WEB-INF/iam-context.xml and uncomment the etlManager bean reference in the property list of the file bean definition.
Copy the downloaded third-party library files to the library directory in the expanded WAR file:
cp $OIA_LIB/* $TEMP/WEB-INF/lib
Apply any customizations necessary for the environment to the extracted .war file in the $TEMP directory.
Update the log4j.properties file with the correct path for your environment.
Note:
If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.
In a text editor, open the log4j.properties file located in the $TEMP/WEB-INF folder.
Locate the following line under # File Appender.
log4j.appender.file.file=logs/rbacx.log
Replace logs/rbacx.log with the full path to where the log file should be written.
For example, the line should look like this:
log4j.appender.file.file=/opt/Oracle/OIA_Install/logs/rbacx.log
Update the jasper.properties file.
In a text editor, open the jasper.properties file located in the WEB-INF/classes folder.
Add the following line to the end of the file:
net.sf.jasperreports.compiler.classpath=Path to your rbacx folder/rbacx/WEB-INF/lib/jasperreports-2.0.5-javaflow.jar
Note:
The path to the rbacx deployment folder will vary on the application server.
Make the following changes to enable Oracle Identity Analytics support for clustered application server deployments.
Navigate to the $TEMP/WEB-INF directory.
In a text editor, open application-context.xml, find bean ID commManager, and examine the constructor-arg value.
Set the constructor-arg value as the cluster name---for example, value="Prod-1-Cluster".
If Oracle Identity Analytics is deployed on multiple clusters within the same subnet, you should define unique constructor-arg values for each deployment. For example, if both clusters Prod-Cluster and QA-Cluster have Oracle Identity Analytics deployed, the constructor-arg values of each should be set to Prod-Cluster and QA-Cluster respectively.
Members of the same cluster should have the same constructor-arg value.
In bean ID commManager, locate the constructor-arg index="1" value.
Replace the value with the IP address of each cluster member. This setting binds the multicast addresses to the IP addresses. In addition, add the enabled property and set it to true. For example:
<constructor-arg index="1" value="140.84.134.133;140.84.135.88"/> <property name="enabled" value="true"/>
Save the application-context.xml file.
In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.
For a clustered deployment, constructor-arg defaults to a value of 1 or 2 depending on the location of the .indexes directory.
To set the constructor-arg value, do the following:
If each clustered node will be accessing local individual .indexes directories, set constructor-arg to 1. For example, value="1".
If clustered nodes will be accessing a shared.indexes directory, set constructor-arg to 2. For example, value="2". The .indexes directory needs to be located on an NFS share location where each clustered node has read-write permission. Edit indexLocation such that the NFS share location replaces $RBACX_HOME in the value field.
If multiple instances of Oracle Identity Analytics, standalone or clustered, exist on the same subnet, navigate to the $TEMP/WEB-INF/classes directory and do the following:
In a text editor, open oscache.properties (located in the $TEMP/WEB-INF/classes directory), and find the cache.cluster.multicast.ip property.
Uncomment cache.cluster.multicast.ip by removing # at the start of the line. Each non-member instance requires a unique cache.cluster.multicast.ip value.
Uncomment the following line by removing the # at the start of the line.
cache.event.listeners=com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener,com.opensymphony.oscache.extra.CacheMapAccessEventListenerImpl
If you are using OIA Web Services, uncomment its configuration.
See the API Guide for Oracle Identity Analytics, "Enabling Web Services."
Repackage the .war file in the $TEMP directory if changes are made. Type the following commands in the test environment:
cd $TEMP
jar cvfM $RBACXWAR/rbacx.war .
Uninstall Oracle Identity Analytics from the application server.
Deploy the rebuilt Oracle Identity Analytics .war file on the target application server.
Refer to Chapter 4, "Deploying Oracle Identity Analytics" for instructions about Oracle Identity Analytics deployment.
Start the application server.
Go to the following address in a browser:
https://Hostname:Port-Number/rbacx/welcome.action
When the Welcome screen appears, enter your rbacxadmin user name and password and verify that the installation is successful.
Open the rbacx.log file and check for errors.
The installation is successful if a message similar to the following appears in the rbacx.log file:
Oracle Identity Analytics(build: 11.1.1.5.0.201107nn_nn_nnnn) Started
The following items should be completed after the upgrade process completes, but before you start testing the deployment.
To migrate Role Provisioning and Identity Audit rules, open scheduling-context.xml using a text editor and find bean ID quartzSchedulerFactoryBean.
Stop the Oracle Identity Analytics application if it is running.
Locate the jobDetails list and uncomment rmeRuleMigrationJob and identityAuditDataMigrationJob.
Locate the triggers list and uncomment rmeRuleMigrationJobTrigger and identityAuditDataMigrationTrigger.
Start the Oracle Identity Analytics application.
The Role Provisioning and Identity Audit rules migration job runs.
After a successful run, disable the migration job.
Stop the Oracle Identity Analytics application.
Navigate to the rbacx.war directory exploded by the application server and locate scheduling-context.xml under rbacx/WEB-INF for UNIX and under rbacx\WEB-INF for Windows.
Open scheduling-context.xml using a text editor and find bean ID quartzSchedulerFactoryBean.
Locate the jobDetails list and comment out rmeRuleMigrationJob and identityAuditDataMigrationJob.
Locate the triggers list and comment out rmeRuleMigrationJobTrigger and identityAuditDataMigrationTrigger.
Start the Oracle Identity Analytics application.
If your test environment includes incomplete certifications, enable the idcMigrationJob. This job updates active certification data to be compatible with Oracle Identity Analytics version 11.1.1.5. This job only needs to run successfully one time in your test environment, after which it can be disabled.
Stop the Oracle Identity Analytics application if it is running.
Navigate to $RBACX_HOME/WEB-INF/ and open scheduling-context.xml in a text editor.
Uncomment the following two entries and save your changes:
<!--ref bean="idcMigrationJob"/-->
<!--ref bean="idcMigrationTrigger"/-->
To monitor the upgrade job's output, open $RBACX_HOME/WEB-INF/log4j.properties, add the following line, and save your changes:
log4j.logger.com.vaau.rbacx.scheduling.executor.idc.IDCMigrationExecutor=DEBUG
Start the Oracle Identity Analytics application.
The Identity Certification Migration job runs.
Open the OIA System Log and verify that the job completed successfully. The OIA System Log is located here: $RBACX_HOME/logs/rbacx.log
After a successful run, disable the Identity Certification Migration job:
Stop the Oracle Identity Analytics application.
Comment out the idcMigrationJob and idcMigrationTrigger entries and save your changes.
Start the Oracle Identity Analytics application.
Testing is a crucial step before deploying the upgraded image to the production environment.
Create and execute an effective test plan for the development package. A generic test plan should include the following items.
Introduction
Description of this document
Related documents
Schedule and milestones
Resource requirements
Hardware
Software (test tools)
Features to test / test approach
New features testing
Regression testing
Features not to test
Test deliverables
Dependencies / risk
It is important to document all changes that occur during the test upgrade. Consider documenting the following during the test upgrade process:
List the version control system in use
Verify that all existing customizations are tagged and stored in the version
Control system
Check all new customizations after completing the test upgrade cycle
Create an image that consists of all the changed objects that Oracle Identity Analytics stored in the test system during the test upgrade. Deploy this image into production after upgrading the production environment.