8 Upgrading Oracle Identity Analytics in a Test Environment

This chapter contains the following sections:

8.1 Create a Test Environment

Create a test environment similar to the production environment. Replicate the following items from the production environment using the same hardware and software versions:

  • Application server

  • Database server

  • Web server (optional component)

  • Common client machine with the corporate image and browser

  • Resources and other integrated applications

  • Oracle Identity Analytics version and configuration

8.2 Verify That Your Environment is Properly Configured for OIA

In replicating your production environment you should have set the RBACX_HOME environment variable and configured your JVM options. Before you upgrade, verify that these important settings are correct in your test environment.

8.2.1 Verify the RBACX_HOME Environment Variable Setting

Before upgrading Oracle Identity Analytics verify that the RBACX_HOME environment variable has been permanently created and is set to the directory where you will install Oracle Identity Analytics. To create a permanent environment variable, refer to your operating system documentation for instructions.

Note:

  • A permanent $RBACX_HOME environment variable should be created under the application server's owner profile. Oracle Identity Analytics deployment will fail if RBACX_HOME is declared in a profile inaccessible by the application server.

  • For a clustered deployment, the $RBACX_HOME environment variable needs to be created on every cluster member.

8.2.2 Verify the JVM Options

Refer to your application server's documentation for information about configuring JVM options.

  • You should determine your memory need and set values in your application server's JVM accordingly. The recommended memory settings are as follows:

    -Xmx2048m -Xms2048m

    Depending on your specific implementation, you might need to increase these recommended values if you face performance issues with the web interface. Keeping a low minimum value minimizes garbage collection, whereas keeping a higher value decreases response time in the web interface.

  • IPv4 is required by Oracle Identity Analytics for network communication. If necessary, add the following JVM option to enforce IPv4 preference over IPv6:

    -Djava.net.preferIPv4Stack=true

Also, ensure that your OS is configured to use IPv4. Refer to your operating system documentation for instructions to enable the IPv4 stack.

8.3 Create Upgrade Directories and Set Environment Variables

Complete these steps in preparation for upgrading your software.

8.3.1 Create the Directories Needed During the Upgrade Process

  1. Create a directory named OIA_Upgrade.

    For example:

    • Windows - C:\OIA_Upgrade

    • UNIX - /opt/OIA_Upgrade

  2. Unpack the Oracle Identity Analytics installation package (the upgrade software) to the OIA_Upgrade directory.

    • Windows:

      unzip oia_install_package.zip -d OIA_Upgrade

    • UNIX:

      unzip oia_install_package.zip -d OIA_Upgrade

  3. Verify that the Oracle Identity Analytics folder structure was properly created.

    The directory should consist of at least the following folders and files.

    Table 8-1 Contents of the Base OIA Directory

    Name Type

    .indexes

    folder

    conf

    folder

    db

    folder

    legal

    folder

    rbacx.war

    file

    reports

    folder

    sample

    folder


  4. Create a directory named OIA_Temp.

    This is the directory to which you will later extract the rbacx.war file. Here you will make configuration changes (as needed) prior to recreating the rbacx.war file.

    For example:

    • Windows - C:\OIA_Temp

    • UNIX - /opt/OIA_Temp

  5. Create a directory named OIA_Lib.

    Later in Section 8.4, "Download Third-party Library Files" you will copy or download external and third-party files to this location.

    For example:

    • Windows - C:\OIA_Lib

    • UNIX - /opt/OIA_Lib

8.3.2 Set the Environment Variable Needed During the Upgrade Process

Set the following environment variables in your test environment.

  • Windows:

    Type the following commands at a command prompt:

    • set INSPATH=Path to the OIA_Upgrade directory

      For example: set INSPATH=C:\OIA_Upgrade

    • set TEMP=Path to the OIA_Temp directory

      For example: set TEMP=C:\OIA_Temp

    • set OIA_LIB=Path to the OIA_Lib directory

      For example: set OIA_LIB=C:\OIA_Lib

    • set RBACXWAR=Path to the Oracle Identity Analytics deployment directory

      This is where the updated rbacx.war file you create will be placed.

      For example: set RBACXWAR=application server install directory\webapps

  • UNIX:

    Type the following commands at a command prompt:

    • export INSPATH=Path to the OIA_Upgrade directory

      For example: export INSPATH=/opt/OIA_Upgrade

    • export TEMP=Path to the OIA_Temp directory

      For example: export TEMP=/opt/OIA_Temp

    • export OIA_LIB=Path to the OIA_Lib directory

      For example: export OIA_LIB=/opt/OIA_Lib

    • export RBACXWAR=Path to the Oracle Identity Analytics deployment directory

      This is where the updated rbacx.war file you create will be placed.

      For example: export RBACXWAR=application server install directory/webapps

8.4 Download Third-party Library Files

Prior to upgrading, download or copy the files in this section. Save the files to the OIA_LIB library folder that you created in Section 8.3.1, "Create the Directories Needed During the Upgrade Process."

8.4.1 JDBC Drivers

For Oracle Database Server, download from the Oracle website the ojdbc5.jar driver if using JDK 1.5, and download the ojdbc6.jar driver if using JDK 1.6. The JDBC driver file you choose needs to support both the JDK version you are running, as well as the backend Oracle database instance version.

8.4.2 The jasper-jdt.jar File

This file is required by the Oracle Identity Analytics certification and reporting feature.

Download the jasper-jdt.jar file and paste it to the OIA_LIB folder:

http://tomcat.apache.org/dev/dist/m2-repository/org/apache/tomcat/jasper-jdt/6.0.18/

8.4.3 The CloverETL Library

OIA uses CloverETL for data import and export transformations.

Download the CloverETL Engine class files, version 1.8.1 from this site:

http://download.berlios.de/cloveretl/cloverETL.rel-1-8-1.zip

Next, complete the following steps to convert the library file to a JAR file.

8.4.3.1 To Create the CloverETL Library JAR File

Before You Begin - You will need the unzip utility and at least a Java 5 JDK.

  1. Create a working directory named files and then open the directory:

    mkdir files

    cd files

  2. Check the integrity of the .zip file and then expand it:

    unzip -tq ../cloverETL.rel-1-8-1.zip

    unzip -q ../cloverETL.rel-1-8-1.zip

  3. Remove the log4j.properties file to prevent a file conflict in OIA:

    rm log4j.properties

  4. Go to the parent directory:

    cd ..

  5. Create the JAR manifest input file clover.mf, which consists of these lines:

    Implementation-Version: 1.8.1
    Implementation-Title: jETeL/Clover
    Implementation-URL:
    http://download.berlios.de/cloveretl/cloverETL.rel-1-8-1.zip
    Implementation-Vendor-Id: org.jetel 
    
  6. Create the JAR file:

    jar -cf cloverETL-1.8.1.jar -m clover.mf -C files .

  7. Copy the cloverETL-1.8.1.jar file to the OIA_LIB folder.

8.4.4 The jxl-2.5.9.jar File

OIA uses the Java-Excel API to import data from an Excel spreadsheet file.

Download the jxl-2.5.9.jar file from this site:

http://www.andykhan.com/jexcelapi/

8.4.5 The Web Services Description Language for Java Toolkit (WSDL4J)

OIA uses the Web Services Description Language for Java Toolkit (WSDL4J.jar) for provisioning server integration, among other things. If you are using Oracle Identity Analytics Web Services, download the WSDL4J JAR file.

8.4.5.1 To Download and Extract the WSDL4J JAR File

  1. Download the wsdl4j-bin-1.6.1.zip file from this site:

    http://sourceforge.net/projects/wsdl4j/files/WSDL4J/1.6.1/

    Next, follow these steps to extract the wsdl4j.jar file and copy it to the OIA_LIB folder.

  2. Verify the zip file was downloaded without errors:

    • Windows:

      unzip -tq wsdl4j-bin-1.6.1.zip

    • UNIX:

      unzip -tq wsdl4j-bin-1.6.1.zip

  3. Extract the wsdl4j.jar file:

    • Windows:

      unzip -q wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1\lib\wsdl4j.jar

    • UNIX:

      unzip -q wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1/lib/wsdl4j.jar

  4. Copy the JAR file to the OIA_LIB folder and rename it to include the version number:

    • Windows:

      move wsdl4j-1_6_1\lib\wsdl4j.jar %OIA_LIB%\wsdl4j-1.6.1.jar

    • UNIX:

      mv wsdl4j-1_6_1/lib/wsdl4j.jar $OIA_LIB/wsdl4j-1.6.1.jar

  5. Clean up:

    • Windows:

      del /F wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1\

    • UNIX:

      rm -fr wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1/

8.5 Prepare to Upgrade the Test Environment

Before upgrading the Oracle Identity Analytics installation in the test environment, do the following:

Before You Begin - Shut down the Oracle Identity Analytics instance running on the system before backing up your files.

  1. Back up the current Oracle Identity Analytics installation

    Before upgrading, back up the Oracle Identity Analytics database and the directory where Oracle Identity Analytics is installed. Use third-party backup software or a backup utility supplied with the operating system to back up the Oracle Identity Analytics file system. To back up the database, refer to the documentation provided by your database vendor.

  2. Back up customized Oracle Identity Analytics repository objects

    Oracle Identity Analytics provides a set of database objects, such as workflow task definitions, that are usually customized for an environment. The upgrade process replaces some of these objects in the database after saving them in the file system.

  3. Verify the environment

    Before upgrading Oracle Identity Analytics in the test environment, verify the following:

    • All servers are present on the network

    • The schema is up-to-date

    • The location of the Oracle Identity Analytics application is correct

8.6 Upgrade the OIA Schema on the Database Server

Before you upgrade the Oracle Identity Analytics software, upgrade the schema on the database server.

This section is organized as follows:

8.6.1 To Upgrade the OIA Schema on the Database Server on a Windows Platform

Before You Begin - You should have created a backup of the Oracle Identity Analytics database.

Oracle Database

You can upgrade the Oracle Identity Analytics schema using either the command prompt or the Oracle iSQL Plus Web Console (available in Oracle 10g Database Server). If the Oracle Database Server is not installed locally, use the iSQL Plus Web Console to upgrade the schema.

  • To upgrade the schema from a command prompt, follow these steps:

    1. Stop the application server running Oracle Identity Analytics.

    2. Navigate to the directory containing the upgrade scripts (C:\OIA_Upgrade\db\oracle) by typing:

      C:\> cd C:\%OIA_Upgrade%\db\oracle

    3. Run the following command(s) to execute the upgrade script(s):

      C:\> sqlplus rbacxservice/rbacxservice @rbacx-previous_version_To_current_version_oracle.sql

  • To create the schema using the iSQL Plus Web Console, follow these steps:

    1. Open the following URL in a web browser. The default port for the iSQL Plus Web Console is 5560.

      http://hostname:5560/isqlplus

    2. Select Load Script and browse to C:\%OIA_Upgrade%\db\oracle.

    3. Locate the file rbacx-previous_version_To_current_version_oracle.sql and click Load.

      Note:

      For Oracle Identity Analytics 11gR1 PS1 the version number is 11.1.1.5.0.

      The Oracle Identity Analytics upgrade schema creation script is loaded into the workspace window.

    4. Click Execute.

      The script is executed and the Oracle Identity Analytics schema is upgraded on the system.

8.6.2 To Upgrade the OIA Schema on the Database Server on a UNIX Platform

Before You Begin - You should have created a backup of the Oracle Identity Analytics database.

Oracle Database

You can upgrade the Oracle Identity Analytics schema using either the command prompt or the Oracle iSQL Plus Web Console (available in Oracle 10g Database Server). If the Oracle Database Server is not installed locally under the /opt directory, use the iSQL Plus Web Console to upgrade the schema.

Note:

For Oracle Identity Analytics 11gR1 PS1 the version number is 11.1.1.5.0.

  • To upgrade the schema from a command prompt, follow these steps:

    1. Stop the application server running Oracle Identity Analytics.

    2. Navigate to the directory containing the upgrade scripts (/opt/OIA_Upgrade/db) by typing:

      $ su - oracle

      $ export ORACLE_HOME=/opt/oracle/Path-to-Oracle-Database-Install-Directory

      $ cd /opt/OIA_Upgrade/db/oracle

    3. Run the following command(s) to execute the upgrade script(s):

      $ ./sqlplus rbacxservice/rbacxservice @rbacx-previous_version_To_current_version_oracle.sql

      The Oracle Identity Analytics database schema is upgraded on Oracle Database server.

  • To create the schema using the iSQL Plus Web Console, follow these steps:

    1. Open the following URL in a web browser. The default port for the iSQL Plus Web Console is 5560.

      http://hostname:5560/isqlplus

    2. Select Load Script and browse to /opt/OIA_Upgrade/db/oracle.

    3. Locate the file rbacx-previous_version_To_current_version_oracle.sql and click Load.

      The Oracle Identity Analytics schema upgrade script is loaded into the workspace window.

    4. Click Execute.

      The script is executed and the Oracle Identity Analytics schema is upgraded on the system.

8.7 Upgrade the Oracle Identity Analytics Environment

After upgrading the schema on the database server, upgrade your Oracle Identity Analytics software.

This section is organized as follows:

8.7.1 To Upgrade the Environment on a Windows Platform for a Standalone Deployment

Use the following steps to upgrade Oracle Identity Analytics on a supported Windows platform.

  1. Stop the application server.

  2. Clear the cache on your application server.

    For instructions, consult your application server documentation.

    Note:

    On WebLogic, delete the cache and tmp folders.

    If there is a stage folder, delete \stage\rbacx as well. Or, if you changed the default application name, delete \stage\nameOfYourOiaApp.

  3. Upgrade the report-related files in the RBACX_HOME\reports directory:

    1. Remove the existing files from the RBACX_HOME\reports directory:

      rmdir /s /q %RBACX_HOME%\reports

    2. Copy the reports that are appropriate for your database to the RBACX_HOME\reports folder.

      The following sample steps assume that the target database server is Oracle Database.

      xcopy %INSPATH%\reports %RBACX_HOME%\reports /I/E

      xcopy %RBACX_HOME%\reports\oracle * %RBACX_HOME%\reports

  4. Upgrade the search-related files in the RBACX_HOME\.indexes directory:

    1. Remove search-related files from the RBACX_HOME\.indexes directory:

      rmdir /s /q %RBACX_HOME%\.indexes

    2. Copy the files related to advanced search from the upgrade folder to the RBACX_HOME\.indexes folder:

      xcopy %INSPATH%\.indexes %RBACX_HOME%\.indexes /I/E

  5. Make changes to the following files located under the %INSPATH%\conf directory to reflect customizations as documented in Section 7.3, "Documenting Custom Components."

    • iam.properties - In a text editor, replace any occurrences of $RBACX_HOME with the Oracle Identity Analytics installation directory path.

    • jdbc.properties -

      • In a text editor, edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database.

      • Copy the JDBC account password from your current jdbc.properties file (%RBACX_HOME%\conf\jdbc.properties) to the new %INSPATH%\conf\jdbc.properties file. The JDBC account password for the default user rbacxservice is stored in the Oracle Identity Analytics jdbc.properties file as property jdbc.password.encrypted.

        For example:

        jdbc.password.encrypted=d579601be2566d0095865af775bf7371
          
        

        Copying the JDBC account password is required to ensure that OIA starts successfully.

    • ldap.properties - Refer to the "Authenticating With LDAP" chapter in the System Integrator's Guide for Oracle Identity Analytics for information about LDAP customizations.

    • rm_idm_init.xml - This file (the SPML exchange file) is required by Oracle Identity Analytics to exchange and manage information with Oracle Waveset (Sun Identity Manager).

  6. Replace the files in the RBACX_HOME\conf directory with the files you changed in the previous step:

    1. Remove the conf directory from RBACX_HOME:

      rmdir /s /q %RBACX_HOME%\conf

    2. Copy the upgraded conf directory files to the RBACX_HOME directory:

      xcopy %INSPATH%\conf %RBACX_HOME%\conf /I/E

  7. Expand the rbacx.war file.

    cd %TEMP%

    jar -xvf %INSPATH%\rbacx.war

    In the following steps you will make configuration changes to the expanded rbacx.war file.

  8. If you are using CloverETL, enable it in the configuration as follows:

    1. In a text editor, open WEB-INF/etl-context.xml and uncomment the etlManager bean definition.

    2. In a text editor, open WEB-INF/iam-context.xml and uncomment the etlManager bean reference in the property list of the file bean definition.

  9. Copy the downloaded third-party library files to the library directory in the expanded WAR file:

    copy %OIA_LIB% %TEMP%\WEB-INF\lib

  10. Apply any customizations necessary for the environment to the expanded .war file in the %TEMP% directory.

  11. Update the log4j.properties file with the correct path for your environment.

    Note:

    If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.

    1. In a text editor, open the log4j.properties file located in the %TEMP%\WEB-INF folder.

    2. Locate the following line under # File Appender.

      log4j.appender.file.file=logs\rbacx.log

    3. Replace logs\rbacx.log with the full path to where the log file should be written.

      For example, the line should look like this:

      log4j.appender.file.file=C:\Oracle\OIA_Install\logs\rbacx.log

  12. Update the jasper.properties file.

    1. In a text editor, open the jasper.properties file located in the %TEMP%\WEB-INF\classes folder.

    2. Add the following line to the end of the file:

      net.sf.jasperreports.compiler.classpath=Path to your rbacx folder\rbacx\WEB-INF\lib\jasperreports-2.0.5-javaflow.jar

      Note:

      The path to the rbacx deployment folder will vary on the application server.

  13. Make the following changes if there are multiple instances of Oracle Identity Analytics, standalone or clustered, on the same subnet.

    1. Navigate to the %TEMP%\WEB-INF directory.

    2. In a text editor, open application-context.xml, find bean ID commManager, and examine the constructor-arg value.

    3. Set the constructor-arg value with a unique instance name, for example value="OIA-Instance-1".

    4. In bean ID commManager, locate the constructor-arg index="1" value.

    5. Replace the value with the IP address of each cluster member. This setting binds the multicast addresses to the IP addresses. In addition, add the enabled property and set it to true. For example:

      <constructor-arg index="1" value="140.84.134.133;140.84.135.88"/>
      <property name="enabled" value="true"/>
      

      Save the application-context.xml file.

    6. In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.

      If this is a standalone deployment, set the constructor-arg defaults to a value of 0, which is specified as value="0".

    7. Navigate to the %TEMP%\WEB-INF\classes directory and do the following:

      • In a text editor, open oscache.properties (located in the %TEMP%\WEB-INF\classes directory), and find the cache.cluster.multicast.ip property.

      • Uncomment cache.cluster.multicast.ip by removing the # at the start of the line. Each Oracle Identity Analytics instance requires a unique cache.cluster.multicast.ip value.

      • Uncomment the following line by removing the # at the start of the line.

        cache.event.listeners=com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener,com.opensymphony.oscache.extra.CacheMapAccessEventListenerImpl
        
  14. If you are using OIA Web Services, uncomment its configuration.

    See the API Guide for Oracle Identity Analytics, "Enabling Web Services."

  15. Repackage the .war file in the %TEMP% directory if changes are made. Type the following commands in the test environment:

    cd %TEMP%

    jar -cvfM %RBACXWAR%\rbacx.war .

  16. Uninstall Oracle Identity Analytics from the application server.

  17. Deploy the rebuilt Oracle Identity Analytics .war file on the target application server.

    Refer to Chapter 4, "Deploying Oracle Identity Analytics" for instructions about deploying Oracle Identity Analytics.

  18. Start the application server.

  19. Go to the following address in a browser:

    https://Hostname:Port-Number/rbacx/welcome.action

    When the Welcome screen appears, enter your rbacxadmin user name and password and verify that the installation is successful.

  20. Open the rbacx.log file and check for errors.

    The installation is successful if a message similar to the following appears in the rbacx.log file:

    Oracle Identity Analytics(build: 11.1.1.5.0.201107nn_nn_nnnn) Started

8.7.2 To Upgrade the Environment on a UNIX Platform for a Standalone Deployment

Use the following steps to upgrade Oracle Identity Analytics manually on a supported UNIX platform.

  1. Stop the application server.

  2. Clear the cache on your application server.

    For instructions, consult your application server documentation.

    Note:

    On WebLogic, delete the cache and tmp folders.

    If there is a stage / staging folder, delete /stage/rbacx as well. Or, if you changed the default application name, delete /stage/nameOfYourOiaApp.

  3. Upgrade the report-related files in the RBACX_HOME/reports directory:

    1. Remove the existing files from the RBACX_HOME/reports directory:

      /usr/bin/rm -f $RBACX_HOME/reports

    2. Copy the reports that are appropriate for your database to the RBACX_HOME/reports folder.

      The following sample steps assume that the target database server is Oracle Database.

      cp -R $INSPATH/reports $RBACX_HOME/.

      cp -R $RBACX_HOME/reports/oracle/* $RBACX_HOME/reports/.

  4. Upgrade the search-related files in the RBACX_HOME/.indexes directory:

    1. Remove search-related files from the RBACX_HOME/.indexes directory:

      /usr/bin/rm -f $RBACX_HOME/.indexes

    2. Copy the files related to advanced search from the upgrade folder to the RBACX_HOME/.indexes folder:

      cp -R $INSPATH/.indexes $RBACX_HOME/.

  5. Make changes to the following files located under the $INSPATH/conf directory to reflect customizations as documented in Section 7.3, "Documenting Custom Components."

    • iam.properties - In a text editor, replace any occurrences of $RBACX_HOME with the Oracle Identity Analytics installation directory path.

    • jdbc.properties -

      • In a text editor, edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database.

      • Copy the JDBC account password from your current jdbc.properties file ($RBACX_HOME/conf/jdbc.properties) to the new $INSPATH/conf/jdbc.properties file. The JDBC account password for the default user rbacxservice is stored in the Oracle Identity Analytics conf/jdbc.properties file as property jdbc.password.encrypted.

        For example:

        jdbc.password.encrypted=d579601be2566d0095865af775bf7371
          
        

        OIA will not start if you do not use your existing JDBC account password.

    • ldap.properties - Refer to the "Authenticating With LDAP" chapter in the System Integrator's Guide for Oracle Identity Analytics for instructions on LDAP customizations.

    • rm_idm_init.xml - This file is required by Oracle Identity Analytics to exchange and manage information with Identity Manager.

  6. Replace the files in the RBACX_HOME/conf directory with the files you changed in the previous step:

    1. Remove the conf directory from RBACX_HOME:

      /usr/bin/rm -f $RBACX_HOME/conf

    2. Copy the upgraded conf directory files to the RBACX_HOME directory:

      cp -R $INSPATH/conf $RBACX_HOME/.

  7. Expand the rbacx.war file.

    cd $TEMP

    jar xvf $INSPATH/rbacx.war

    In the following steps you will make configuration changes to the expanded rbacx.war file.

  8. If you are using CloverETL, enable it in the configuration as follows:

    1. In a text editor, open WEB-INF/etl-context.xml and uncomment the etlManager bean definition.

    2. In a text editor, open WEB-INF/iam-context.xml and uncomment the etlManager bean reference in the property list of the file bean definition.

  9. Copy the downloaded third-party library files to the library directory in the expanded WAR file:

    cp $OIA_LIB/* $TEMP/WEB-INF/lib

  10. Apply any customizations necessary for the environment to the extracted .war file in the $TEMP directory.

  11. Update the log4j.properties file with the correct path for your environment.

    Note:

    If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.

    1. In a text editor, open the log4j.properties file located in the $TEMP/WEB-INF folder.

    2. Locate the following line under # File Appender.

      log4j.appender.file.file=logs/rbacx.log

    3. Replace logs/rbacx.log with the full path to where the log file should be written.

      For example, the line should look like this:

      log4j.appender.file.file=/opt/Oracle/OIA_Install/logs/rbacx.log

  12. Update the jasper.properties file.

    1. In a text editor, open the jasper.properties file located in the WEB-INF/classes folder.

    2. Add the following line to the end of the file:

      net.sf.jasperreports.compiler.classpath=Path to your rbacx folder/rbacx/WEB-INF/lib/jasperreports-2.0.5-javaflow.jar

      Note:

      The path to the rbacx deployment folder will vary on the application server.

  13. Make the following changes if there are multiple instances of Oracle Identity Analytics, standalone or clustered, on the same subnet.

    1. Navigate to the $TEMP/WEB-INF directory.

    2. In a text editor, open application-context.xml, find bean ID commManager, and examine the constructor-arg value.

    3. Set the constructor-arg value with a unique instance name, for example value="OIA-Instance-1".

    4. In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.

      If this is a standalone deployment, set the constructor-arg defaults to a value of 0, which is specified as value="0".

    5. In bean ID commManager, locate the constructor-arg index="1" value.

    6. Replace the value with the IP address of each cluster member. This setting binds the multicast addresses to the IP addresses. In addition, add the enabled property and set it to true. For example:

      <constructor-arg index="1" value="140.84.134.133;140.84.135.88"/>
      <property name="enabled" value="true"/>
      

      Save the application-context.xml file.

    7. Navigate to the $TEMP/WEB-INF/classes directory and do the following:

      • In a text editor, open oscache.properties (located in the $TEMP/WEB-INF/classes directory), and find the cache.cluster.multicast.ip property.

      • Uncomment cache.cluster.multicast.ip by removing the # at the start of the line. Each Oracle Identity Analytics instance requires a unique cache.cluster.multicast.ip value.

      • Uncomment the following line by removing the # at the start of the line.

        cache.event.listeners=com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener,com.opensymphony.oscache.extra.CacheMapAccessEventListenerImpl
        
  14. If you are using OIA Web Services, uncomment its configuration.

    See the API Guide for Oracle Identity Analytics, "Enabling Web Services."

  15. Repackage the .war file in the $TEMP directory if you made changes.

    Type the following commands in the test environment:

    cd $TEMP

    jar cvfM $RBACXWAR/rbacx.war .

  16. Uninstall Oracle Identity Analytics from the application server.

  17. Deploy the rebuilt Oracle Identity Analytics .war file on the target application server.

    Refer to Chapter 4, "Deploying Oracle Identity Analytics" for more information.

  18. Start the application server.

  19. Go to the following address in a browser:

    https://Hostname:Port-Number/rbacx/welcome.action

    When the Welcome screen appears, enter your rbacxadmin user name and password and verify that the installation is successful.

  20. Open the rbacx.log file and check for errors.

    The installation is successful if a message similar to the following appears in the rbacx.log file:

    Oracle Identity Analytics(build: 11.1.1.5.0.201107nn_nn_nnnn) Started

8.7.3 To Upgrade the Environment on a Windows Platform for a Clustered Deployment

Use the following steps to upgrade Oracle Identity Analytics on a supported Windows platform.

  1. Stop the application server.

  2. Clear the cache on your application servers.

    For instructions, consult your application server documentation.

    Note:

    On WebLogic, delete the cache and tmp folders.

    If there is a stage (or staging) folder, delete \stage\rbacx as well. Or, if you changed the default application name, delete \stage\nameOfYourOiaApp.

  3. Upgrade the report-related files in the RBACX_HOME\reports directory:

    1. Remove the existing files from the RBACX_HOME\reports directory:

      rmdir /s /q %RBACX_HOME%\reports

    2. Copy the reports that are appropriate for your database to the RBACX_HOME\reports folder.

      The following sample steps assume that the target database server is Oracle Database.

      xcopy %INSPATH%\reports %RBACX_HOME%\reports /I/E

      xcopy %RBACX_HOME%\reports\oracle * %RBACX_HOME%\reports

  4. Upgrade the search-related files in the RBACX_HOME\.indexes directory:

    1. Remove search-related files from the RBACX_HOME\.indexes directory:

      rmdir /s /q %RBACX_HOME%\.indexes

    2. Copy the files related to advanced search from the upgrade folder to the RBACX_HOME\.indexes folder:

      xcopy %INSPATH%\.indexes %RBACX_HOME%\.indexes /I/E

  5. Make changes to the following files located under %INSPATH%\conf directory to reflect customizations as documented in Section 7.3.1, "Documenting Custom File-System Objects":

    • iam.properties - In a text editor, replace any occurrences of $RBACX_HOME with the Oracle Identity Analytics installation directory path.

      Note:

      When the application server is clustered, the nodes can maintain localized import/export directories, or utilize import/export directories on a NFS share. If the nodes use a shared NFS location for import/export, substitute $RBACX_HOME with the path to the NFS share.

    • jdbc.properties

      • In a text editor, edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database. Refer to Section 3.5, "To Configure Oracle Identity Analytics for Standalone Deployment" for instructions.

      • Make the following change to jdbc.properties for clustered Quartz support:

        jdbc.quartz.isClustered=true

      • Copy the JDBC account password from your current jdbc.properties file (%RBACX_HOME%\conf\jdbc.properties) to the new %INSPATH%\conf\jdbc.properties file. The JDBC account password for the default user rbacxservice is stored in the Oracle Identity Analytics conf\jdbc.properties file as property jdbc.password.encrypted.

        For example:

        jdbc.password.encrypted=d579601be2566d0095865af775bf7371
          
        

        Copying the JDBC account password is required to ensure that OIA starts successfully.

      • Save the jdbc.properties file.

    • ldap.properties - Refer to the "Authenticating With LDAP" chapter in the System Integrator's Guide for Oracle Identity Analytics for instructions on LDAP customizations.

    • rm_idm_init.xml - This file is required by Oracle Identity Analytics to exchange and manage information with Identity Manager.

  6. Replace the files in the RBACX_HOME\conf directory with the files you changed in the previous step:

    1. Remove the conf directory from RBACX_HOME:

      rmdir /s /q %RBACX_HOME%\conf

    2. Copy the upgraded conf directory files to the RBACX_HOME directory:

      xcopy %INSPATH%\conf %RBACX_HOME%\conf /I/E

  7. Expand the rbacx.war file.

    cd %TEMP%

    jar -xvf %INSPATH%\rbacx.war

    In the following steps you will make configuration changes to the expanded rbacx.war file.

  8. If you are using CloverETL, enable it in the configuration as follows:

    1. In a text editor, open WEB-INF/etl-context.xml and uncomment the etlManager bean definition.

    2. In a text editor, open WEB-INF/iam-context.xml and uncomment the etlManager bean reference in the property list of the file bean definition.

  9. Copy the downloaded third-party library files to the library directory in the expanded WAR file:

    copy %OIA_LIB% %TEMP%\WEB-INF\lib

  10. Apply any customizations necessary for the environment to the extracted .war file in the %TEMP% directory.

  11. Update the log4j.properties file with the correct path for your environment.

    Note:

    If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.

    1. In a text editor, open the log4j.properties file located in the %TEMP%\WEB-INF folder.

    2. Locate the following line under # File Appender.

      log4j.appender.file.file=logs\rbacx.log

    3. Replace logs\rbacx.log with the full path to where the log file should be written.

      For example, the line should look like this:

      log4j.appender.file.file=C:\Oracle\OIA_Install\logs\rbacx.log

  12. Update the jasper.properties file.

    1. In a text editor, open the jasper.properties file located in the %TEMP%\WEB-INF\classes folder.

    2. Add the following line to the end of the file:

      net.sf.jasperreports.compiler.classpath=Path to your rbacx folder\rbacx\WEB-INF\lib\jasperreports-2.0.5-javaflow.jar

      Note:

      The path to the rbacx deployment folder will vary on the application server.

  13. Make the following changes to enable Oracle Identity Analytics support for clustered application server deployments:

    1. Navigate to the %TEMP%\WEB-INF directory.

    2. In a text editor, open application-context.xml, find bean ID commManager, and examine the constructor-arg value.

    3. Set the constructor-arg value as the cluster name---for example, value="Prod-1-Cluster".

      • If Oracle Identity Analytics is deployed on multiple clusters within the same subnet, you should define unique constructor-arg values for each deployment. For example, if both clusters Prod-Cluster and QA-Cluster have Oracle Identity Analytics deployed, the constructor-arg values of each should be set to Prod-Cluster and QA-Cluster respectively.

      • Members of the same cluster should have the same constructor-arg value.

    4. In bean ID commManager, locate the constructor-arg index="1" value.

    5. Replace the value with the IP address of each cluster member. This setting binds the multicast addresses to the IP addresses. In addition, add the enabled property and set it to true. For example:

      <constructor-arg index="1" value="140.84.134.133;140.84.135.88"/>
      <property name="enabled" value="true"/>
      

      Save the application-context.xml file.

    6. In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.

      For a clustered deployment, constructor-arg defaults to a value of 1 or 2 depending on the location of the .indexes directory.

      To set the constructor-arg value, do the following:

      • If each clustered node will be accessing local individual .indexes directories, set constructor-arg to 1. For example, value="1".

      • If clustered nodes will be accessing a shared.indexes directory, set constructor-arg to 2. For example, value="2". The .indexes directory needs to be located on an NFS share location where each clustered node has read-write permission. Edit indexLocation such that the NFS share location replaces $RBACX_HOME in the value field.

    7. If multiple instances of Oracle Identity Analytics, standalone or clustered, exist on the same subnet, navigate to the %TEMP%\WEB-INF\classes directory and do the following:

      • In a text editor, open oscache.properties (located in the %TEMP%\WEB-INF\classes directory), and find the cache.cluster.multicast.ip property.

      • Uncomment cache.cluster.multicast.ip by removing # at the start of the line. Each non-member instance requires a unique cache.cluster.multicast.ip value.

      • Uncomment the following line by removing the # at the start of the line.

        cache.event.listeners=com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener,com.opensymphony.oscache.extra.CacheMapAccessEventListenerImpl
        
  14. If you are using OIA Web Services, uncomment its configuration.

    See the API Guide for Oracle Identity Analytics, "Enabling Web Services."

  15. Repackage the .war file in the %TEMP% directory if changes are made. Type the following commands in the test environment:

    cd %TEMP%

    jar -cvfM %RBACXWAR%\rbacx.war .

  16. Uninstall Oracle Identity Analytics from the application server.

  17. Deploy the rebuilt Oracle Identity Analytics .war file on the target application server.

    Refer to Chapter 4, "Deploying Oracle Identity Analytics" for instructions about Oracle Identity Analytics deployment.

  18. Start the application server.

  19. Go to the following address in a browser:

    https://Hostname:Port-Number/rbacx/welcome.action

    When the Welcome screen appears, enter your rbacxadmin user name and password and verify that the installation is successful.

  20. Open the rbacx.log file and check for errors.

    The installation is successful if a message similar to the following appears in the rbacx.log file:

    Oracle Identity Analytics build: 11.1.1.5.0.201107nn_nn_nnnn) Started

8.7.4 To Upgrade the Environment on a UNIX Platform for a Clustered Deployment

Use the following steps to upgrade Oracle Identity Analytics manually on a supported UNIX platform.

  1. Stop the application servers.

  2. Clear the cache on your application servers.

    For instructions, consult your application server documentation.

    Note:

    On WebLogic, delete the cache and tmp folders.

    If there is a stage / staging folder, delete /stage/rbacx as well. Or, if you changed the default application name, delete /stage/nameOfYourOiaApp.

  3. Upgrade the report-related files in the RBACX_HOME/reports directory:

    1. Remove the existing files from the RBACX_HOME/reports directory:

      /usr/bin/rm -f $RBACX_HOME/reports

    2. Copy the reports that are appropriate for your database to the RBACX_HOME/reports folder.

      The following sample steps assume that the target database server is Oracle Database.

      cp -R $INSPATH/reports $RBACX_HOME/.

      cp -R $RBACX_HOME/reports/oracle/* $RBACX_HOME/reports/.

  4. Upgrade the search-related files in the RBACX_HOME/.indexes directory:

    1. Remove search-related files from the RBACX_HOME/.indexes directory:

      /usr/bin/rm -f $RBACX_HOME/.indexes

    2. Copy the files related to advanced search from the upgrade folder to the RBACX_HOME/.indexes folder:

      cp -R $INSPATH/.indexes $RBACX_HOME/.

  5. Make changes to the following files located under the $INSPATH/conf directory to reflect customizations as documented in Section 7.3, "Documenting Custom Components."

    • iam.properties - In a text editor, replace any occurrences of $RBACX_HOME with the Oracle Identity Analytics installation directory path.

      Note:

      When the application server is clustered, the nodes can maintain localized import/export directories, or utilize import/export directories on a NFS share. If the nodes use a shared NFS location for import/export, substitute $RBACX_HOME with the path to the NFS share.

    • jdbc.properties -

      • In a text editor, edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database. Refer to Section 3.5, "To Configure Oracle Identity Analytics for Standalone Deployment" for instructions.

      • Copy the JDBC account password from your current jdbc.properties file ($RBACX_HOME/conf/jdbc.properties) to the new $INSPATH/conf/jdbc.properties file. The JDBC account password for the default user rbacxservice is stored in the Oracle Identity Analytics conf/jdbc.properties file as property jdbc.password.encrypted.

        For example:

        jdbc.password.encrypted=d579601be2566d0095865af775bf7371
          
        

        Copying the JDBC account password is required to ensure that OIA starts successfully.

      Make the following change to jdbc.properties for clustered Quartz support, and save the file:

      jdbc.quartz.isClustered=true

    • ldap.properties - Refer to the "Authenticating With LDAP" chapter in the System Integrator's Guide for Oracle Identity Analytics for instructions on LDAP customizations.

    • rm_idm_init.xml - This file is required by Oracle Identity Analytics to exchange and manage information with Identity Manager.

  6. Replace the files in the RBACX_HOME/conf directory with the files you changed in the previous step:

    1. Remove the conf directory from RBACX_HOME:

      /usr/bin/rm -f $RBACX_HOME/conf

    2. Copy the upgraded conf directory files to the RBACX_HOME directory:

      cp -R $INSPATH/conf $RBACX_HOME/.

  7. Expand the rbacx.war file.

    cd $TEMP

    jar xvf $INSPATH/rbacx.war

    In the following steps you will make configuration changes to the expanded rbacx.war file.

  8. If you are using CloverETL, enable it in the configuration as follows:

    1. In a text editor, open WEB-INF/etl-context.xml and uncomment the etlManager bean definition.

    2. In a text editor, open WEB-INF/iam-context.xml and uncomment the etlManager bean reference in the property list of the file bean definition.

  9. Copy the downloaded third-party library files to the library directory in the expanded WAR file:

    cp $OIA_LIB/* $TEMP/WEB-INF/lib

  10. Apply any customizations necessary for the environment to the extracted .war file in the $TEMP directory.

  11. Update the log4j.properties file with the correct path for your environment.

    Note:

    If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.

    1. In a text editor, open the log4j.properties file located in the $TEMP/WEB-INF folder.

    2. Locate the following line under # File Appender.

      log4j.appender.file.file=logs/rbacx.log

    3. Replace logs/rbacx.log with the full path to where the log file should be written.

      For example, the line should look like this:

      log4j.appender.file.file=/opt/Oracle/OIA_Install/logs/rbacx.log

  12. Update the jasper.properties file.

    1. In a text editor, open the jasper.properties file located in the WEB-INF/classes folder.

    2. Add the following line to the end of the file:

      net.sf.jasperreports.compiler.classpath=Path to your rbacx folder/rbacx/WEB-INF/lib/jasperreports-2.0.5-javaflow.jar

      Note:

      The path to the rbacx deployment folder will vary on the application server.

  13. Make the following changes to enable Oracle Identity Analytics support for clustered application server deployments.

    1. Navigate to the $TEMP/WEB-INF directory.

    2. In a text editor, open application-context.xml, find bean ID commManager, and examine the constructor-arg value.

    3. Set the constructor-arg value as the cluster name---for example, value="Prod-1-Cluster".

      • If Oracle Identity Analytics is deployed on multiple clusters within the same subnet, you should define unique constructor-arg values for each deployment. For example, if both clusters Prod-Cluster and QA-Cluster have Oracle Identity Analytics deployed, the constructor-arg values of each should be set to Prod-Cluster and QA-Cluster respectively.

      • Members of the same cluster should have the same constructor-arg value.

    4. In bean ID commManager, locate the constructor-arg index="1" value.

    5. Replace the value with the IP address of each cluster member. This setting binds the multicast addresses to the IP addresses. In addition, add the enabled property and set it to true. For example:

      <constructor-arg index="1" value="140.84.134.133;140.84.135.88"/>
      <property name="enabled" value="true"/>
      

      Save the application-context.xml file.

    6. In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.

      For a clustered deployment, constructor-arg defaults to a value of 1 or 2 depending on the location of the .indexes directory.

      To set the constructor-arg value, do the following:

      • If each clustered node will be accessing local individual .indexes directories, set constructor-arg to 1. For example, value="1".

      • If clustered nodes will be accessing a shared.indexes directory, set constructor-arg to 2. For example, value="2". The .indexes directory needs to be located on an NFS share location where each clustered node has read-write permission. Edit indexLocation such that the NFS share location replaces $RBACX_HOME in the value field.

    7. If multiple instances of Oracle Identity Analytics, standalone or clustered, exist on the same subnet, navigate to the $TEMP/WEB-INF/classes directory and do the following:

      • In a text editor, open oscache.properties (located in the $TEMP/WEB-INF/classes directory), and find the cache.cluster.multicast.ip property.

      • Uncomment cache.cluster.multicast.ip by removing # at the start of the line. Each non-member instance requires a unique cache.cluster.multicast.ip value.

      • Uncomment the following line by removing the # at the start of the line.

        cache.event.listeners=com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener,com.opensymphony.oscache.extra.CacheMapAccessEventListenerImpl
        
  14. If you are using OIA Web Services, uncomment its configuration.

    See the API Guide for Oracle Identity Analytics, "Enabling Web Services."

  15. Repackage the .war file in the $TEMP directory if changes are made. Type the following commands in the test environment:

    cd $TEMP

    jar cvfM $RBACXWAR/rbacx.war .

  16. Uninstall Oracle Identity Analytics from the application server.

  17. Deploy the rebuilt Oracle Identity Analytics .war file on the target application server.

    Refer to Chapter 4, "Deploying Oracle Identity Analytics" for instructions about Oracle Identity Analytics deployment.

  18. Start the application server.

  19. Go to the following address in a browser:

    https://Hostname:Port-Number/rbacx/welcome.action

    When the Welcome screen appears, enter your rbacxadmin user name and password and verify that the installation is successful.

  20. Open the rbacx.log file and check for errors.

    The installation is successful if a message similar to the following appears in the rbacx.log file:

    Oracle Identity Analytics(build: 11.1.1.5.0.201107nn_nn_nnnn) Started

8.8 Complete the Post-Upgrade Steps in a Test Environment

The following items should be completed after the upgrade process completes, but before you start testing the deployment.

8.8.1 Migrate the Role Provisioning and Identity Audit Rules in the Test Environment

To migrate Role Provisioning and Identity Audit rules, open scheduling-context.xml using a text editor and find bean ID quartzSchedulerFactoryBean.

  1. Stop the Oracle Identity Analytics application if it is running.

  2. Locate the jobDetails list and uncomment rmeRuleMigrationJob and identityAuditDataMigrationJob.

  3. Locate the triggers list and uncomment rmeRuleMigrationJobTrigger and identityAuditDataMigrationTrigger.

  4. Start the Oracle Identity Analytics application.

    The Role Provisioning and Identity Audit rules migration job runs.

  5. After a successful run, disable the migration job.

    1. Stop the Oracle Identity Analytics application.

    2. Navigate to the rbacx.war directory exploded by the application server and locate scheduling-context.xml under rbacx/WEB-INF for UNIX and under rbacx\WEB-INF for Windows.

    3. Open scheduling-context.xml using a text editor and find bean ID quartzSchedulerFactoryBean.

    4. Locate the jobDetails list and comment out rmeRuleMigrationJob and identityAuditDataMigrationJob.

    5. Locate the triggers list and comment out rmeRuleMigrationJobTrigger and identityAuditDataMigrationTrigger.

    6. Start the Oracle Identity Analytics application.

8.8.2 Migrate Incomplete Identity Certification Jobs in the Test Environment

If your test environment includes incomplete certifications, enable the idcMigrationJob. This job updates active certification data to be compatible with Oracle Identity Analytics version 11.1.1.5. This job only needs to run successfully one time in your test environment, after which it can be disabled.

8.8.2.1 To Enable the Identity Certification Migration Job

  1. Stop the Oracle Identity Analytics application if it is running.

  2. Navigate to $RBACX_HOME/WEB-INF/ and open scheduling-context.xml in a text editor.

  3. Uncomment the following two entries and save your changes:

    • <!--ref bean="idcMigrationJob"/-->

    • <!--ref bean="idcMigrationTrigger"/-->

  4. To monitor the upgrade job's output, open $RBACX_HOME/WEB-INF/log4j.properties, add the following line, and save your changes:

    log4j.logger.com.vaau.rbacx.scheduling.executor.idc.IDCMigrationExecutor=DEBUG

  5. Start the Oracle Identity Analytics application.

    The Identity Certification Migration job runs.

  6. Open the OIA System Log and verify that the job completed successfully. The OIA System Log is located here: $RBACX_HOME/logs/rbacx.log

  7. After a successful run, disable the Identity Certification Migration job:

    1. Stop the Oracle Identity Analytics application.

    2. Comment out the idcMigrationJob and idcMigrationTrigger entries and save your changes.

    3. Start the Oracle Identity Analytics application.

8.8.3 Restore Customization After the Upgrade

Set up the customized repository objects to restore application customizations.

8.9 Test the Upgrade Deployment Package

Testing is a crucial step before deploying the upgraded image to the production environment.

8.9.1 To Develop and Execute a Test Plan

Create and execute an effective test plan for the development package. A generic test plan should include the following items.

  1. Introduction

    • Description of this document

    • Related documents

    • Schedule and milestones

  2. Resource requirements

    • Hardware

    • Software (test tools)

  3. Features to test / test approach

    • New features testing

    • Regression testing

  4. Features not to test

  5. Test deliverables

  6. Dependencies / risk

8.9.2 To Record All Changes

It is important to document all changes that occur during the test upgrade. Consider documenting the following during the test upgrade process:

  • List the version control system in use

  • Verify that all existing customizations are tagged and stored in the version

  • Control system

  • Check all new customizations after completing the test upgrade cycle

  • Create an image that consists of all the changed objects that Oracle Identity Analytics stored in the test system during the test upgrade. Deploy this image into production after upgrading the production environment.