19 Upgrading Oracle Adaptive Access Manager Highly Available Environments

This chapter describes how to upgrade Oracle Adaptive Access Manager highly available environments to 11g Release 2 (11.1.2.3.0) on Oracle WebLogic Server, using the manual upgrade procedure.

Note:

If your existing Oracle Identity and Access Management environment was deployed using the Life Cycle Management (LCM) Tools, you must use the automated upgrade procedure to upgrade to Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0).

For information about automated upgrade procedure, supported starting points and topologies, see Chapter 2, "Understanding the Oracle Identity and Access Management Automated Upgrade".

Note:

Before you proceed, check if your existing Oracle Adaptive Access Manager version is supported for high availability upgrade. For more information on supported starting points for high availability upgrade, see Section 3.3, "Supported Starting Points for Oracle Identity and Access Management Manual Upgrade".

This chapter includes the following sections:

19.1 Understanding Oracle Adaptive Access Manager High Availability Upgrade Topology

Figure 19-1 shows the Oracle Adaptive Access Manager cluster set up that can be upgraded to 11.1.2.3.0 by following the procedure described in this chapter.

Figure 19-1 Oracle Adaptive Access Manager High Availability Upgrade Topology

Description of Figure 19-1 follows
Description of ''Figure 19-1 Oracle Adaptive Access Manager High Availability Upgrade Topology''

The host OAAMHOST1 contains the following:

  • An Oracle Adaptive Access Manager Managed Server WLS_OAAM_SERVER1 that hosts Oracle Adaptive Access Manager Server application (OAAM_SERVER).

  • An Oracle Adaptive Access Manager Managed Server WLS_OAAM_OFFLINE1 that hosts Oracle Adaptive Access Manager Offline Server application (OAAM_OFFLINE).

  • An Oracle Adaptive Access Manager Managed Server WLS_OAAM_ADMIN1 that hosts Oracle Adaptive Access Manager Admin application (OAAM_ADMIN).

  • A WebLogic Server Administration Server. Under normal operations, this is the active Administration Server.

The host OAAMHOST2 contains the following:

  • An Oracle Adaptive Access Manager Managed Server WLS_OAAM_SERVER2 that hosts Oracle Adaptive Access Manager Server application (OAAM_SERVER).

  • An Oracle Adaptive Access Manager Managed Server WLS_OAAM_OFFLINE2 that hosts Oracle Adaptive Access Manager Offline Server application (OAAM_OFFLINE).

  • An Oracle Adaptive Access Manager Managed Server WLS_OAAM_ADMIN2 that hosts Oracle Adaptive Access Manager Admin application (OAAM_ADMIN).

  • A WebLogic Server Administration Server. Under normal operations, this is the passive Administration Server. You make this Administration Server active if the Administration Server on OAAMHOST1 becomes unavailable.

The Oracle Adaptive Access Manager Managed Servers WLS_OAAM_SERVER1 and WLS_OAAM_SERVER2 hosting Oracle Adaptive Access Manager Server application on OAAMHOST1 and OAAMHOST2 are configured in a cluster named OAAM_SERVER_CLUSTER, to work in active-active mode.

The Oracle Adaptive Access Manager Managed Servers WLS_OAAM_OFFLINE1 and WLS_OAAM_OFFLINE2 hosting Oracle Adaptive Access Manager Offline Server application on OAAMHOST1 and OAAMHOST2 are configured in a cluster named OAAM_OFFLINE_CLUSTER, to work in active-active mode.

The Oracle Adaptive Access Manager Managed Servers WLS_OAAM_ADMIN1 and WLS_OAAM_ADMIN2 hosting Oracle Adaptive Access Manager Admin application on OAAMHOST1 and OAAMHOST2 are configured in a cluster named OAAM_ADMIN_CLUSTER, to work in active-active mode.

19.2 Upgrade Roadmap

Table 19-1 lists the steps to upgrade Oracle Adaptive Access Manager high availability environment illustrated in Figure 19-1 to 11.1.2.3.0.

Table 19-1 Oracle Adaptive Access Manager High Availability Upgrade Roadmap

Task No Task For More Information

1

Review the Oracle Adaptive Access Manager high availability upgrade topology, and identify OAAMHOST1 and OAAMHOST2 on your setup.

See, Understanding Oracle Adaptive Access Manager High Availability Upgrade Topology

2

Shut down the Administration Server and all the Managed Servers on OAAMHOST1 and OAAMHOST2.

See, Shutting Down Administration Server and Managed Servers on OAAMHOST1 and OAAMHOST2

3

Back up the existing environment.

See, Backing Up the Existing Environment

4

Update the binaries of Oracle WebLogic Server and Oracle Adaptive Access Manager on OAAMHOST2.

See, Updating Binaries of WebLogic Server and Oracle Adaptive Access Manager on OAAMHOST2

5

Upgrade OAAMHOST1 to 11.1.2.3.0. This is the host with active Administration Server running on it.

See, Upgrading OAAMHOST1 to 11.1.2.3.0

6

If your starting point is Oracle Adaptive Access Manager 11g Release 1 (11.1.1.5.0), you must upgrade the OAAM packages to 11.1.2.3.0 on OAAMHOST1.

See, Updating Component Versions on OAAMHOST1

8

If your starting point is Oracle Adaptive Access Manager 11.1.1.5.0, after you upgrade OAAMHOST1, you must replicate the configurations on OAAMHOST2 by packing the domain on OAAMHOST1 and unpacking it on OAAMHOST2.

See, Replicating Domain Configuration on OAAMHOST2

6

Start the WebLogic Administration Server and the Managed Servers on OAAMHOST1 and OAAMHOST2.

See, Starting Administration Server and Managed Servers on OAAMHOST1 and OAAMHOST2

19.3 Shutting Down Administration Server and Managed Servers on OAAMHOST1 and OAAMHOST2

Before you begin the upgrade process, you must stop the WebLogic Administration Server and all of the Oracle Adaptive Access Manager Managed Servers on OAAMHOST1 and OAAMHOST2 in the following order:

  1. Stop the Oracle Adaptive Access Manager Managed Servers on both OAAMHOST1 and OAAMHOST2.

  2. Stop the WebLogic Administration Server on OAAMHOST1.

For information about stopping the Managed Server, see Section 24.1.9.1, "Stopping the Managed Server(s)".

For information about stopping the Administration Server, see Section 24.1.9.2, "Stopping the WebLogic Administration Server".

19.4 Backing Up the Existing Environment

After stopping all the servers, you must back up the following before proceeding with the upgrade process:

  • MW_HOME directory (Middleware home directory), including the Oracle Home directories inside Middleware home on both OAAMHOST1 and OAAMHOST2.

  • Oracle Adaptive Access Manager Domain Home directory on both OAAMHOST1 and OAAMHOST2.

  • Following Database schemas:

    • Oracle Adaptive Access Manager schema

    • IAU schema, if it is part of any of your Oracle Adaptive Access Manager schemas

    • MDS schema

    For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.

19.5 Updating Binaries of WebLogic Server and Oracle Adaptive Access Manager on OAAMHOST2

Before you upgrade OAAMHOST1 that hosts Administration Server, you must do the following on OAAMHOST2:

and Oracle Adaptive Access Manager to 10.3.6 and 11.1.2.3.0 versions respectively on OAAMHOST2. To do this, complete the following steps on OAAMHOST2:

  1. Upgrade Oracle WebLogic Server to 10.3.6 on OAAMHOST2, if you are using a previous version.

    For information about upgrading Oracle WebLogic Server to 10.3.6, see Section 24.1.5, "Upgrading Oracle WebLogic Server to 11g Release 1 (10.3.6)"

  2. Update the binaries of Oracle Adaptive Access Manager to 11.1.2.3.0 on OAAMHOST2 using the Oracle Identity and Access Management 11.1.2.3.0 installer.

    For information about upgrading Oracle Adaptive Access Manager binaries to 11.1.2.3.0, see Section 24.1.6, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.3.0)"

19.6 Upgrading OAAMHOST1 to 11.1.2.3.0

After you upgrade the binaries of Oracle WebLogic Server and Oracle Adaptive Access Manager on OAAMHOST2, you must upgrade OAAMHOST1 which has the active Administration Server. Upgrading OAAMHOST2 to 11.1.2.3.0 includes the following important tasks:

  • Upgrading Oracle WebLogic Server to 10.3.6.

  • Upgrading the Oracle Adaptive Access Manager binaries to 11.1.2.3.0.

  • Upgrading the database schemas.

  • Upgrading Oracle Platform Security Services.

  • Redeploying applications.

The procedure to upgrade OAAMHOST1 depends on your starting point.

19.7 Updating Component Versions on OAAMHOST1

If your starting point is Oracle Adaptive Access Manager 11g Release 1 (11.1.1.5.0), you must upgrade the following packages from 11g Release 1 (11.1.1.5.0) to 11g Release 2 (11.1.2.3.0):

  • oracle.dogwood.top

  • oracle.idm.oinav

  • oracle.oaam.suite

  • oracle.oaam.oaam_admin

  • oracle.oaam.oaam_server

  • oracle.oaam.oaam_offline

Note:

If your starting point is Oracle Adaptive Access Manager 11g Release 2 (11.1.2.2.0), 11g Release 2 (11.1.2.1.0) or 11g Release 2 (11.1.2), skip this task.

To upgrade the packages, you must run the domain updater utility (com.oracle.cie.domain-update_1.0.0.0.jar) on OAAMHOST1 which updates the domain-info.xml. OAAMHOST1 is the host on which Administration Server is running.

To upgrade the necessary Oracle Adaptive Access Manager packages to 11.1.2.3.0, complete the following steps on OAAMHOST1:

  1. Go to the directory $ORACLE_HOME/oaam/upgrade. The domain updater utility com.oracle.cie.domain-update_1.0.0.0.jar file is located in this directory.

  2. Upgrade the packages using the following command:

    java -cp MW_HOME/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater <DOMAIN_HOME> <package_name>:11.1.1.5.0,:11.1.2.3.0

    In this command, <DOMAIN_HOME> refers to the absolute path to the Oracle Adaptive Access Manager domain, and <package_name> refers to the package that you are upgrading.

    Run this command for all of the following packages:

    • oracle.dogwood.top

    • oracle.idm.oinav

    • oracle.oaam.suite

    • oracle.oaam.oaam_admin

    • oracle.oaam.oaam_server

    • oracle.oaam.oaam_offline

19.8 Replicating Domain Configuration on OAAMHOST2

This step is applicable if you are upgrading Oracle Adaptive Access Manager 11g Release 1 (11.1.1.5.0) to 11.1.2.3.0.

After you upgrade Oracle Adaptive Access Manager 11.1.1.5.0 to 11.1.2.3.0 on OAAMHOST1, you must replicate the configurations on OAAMHOST2. This task involves packing the upgraded domain on OAAMHOST1 and unpacking it on OAAMHOST2.

Note:

Make sure that the Managed Servers are stopped before you perform this step. Do not start the Managed Servers until you complete this task.

To do this, complete the following steps:

  1. On OAAMHOST1, run the following command from the location $MW_HOME/oracle_common/common/bin to pack the upgraded domain:

    On UNIX:

    sh pack.sh -domain=<Location_of_OAAM_domain> -template=<Location_where_domain_configuration_jar_to_be_created> -template_name="OAAM Domain" -managed=true

    On Windows:

    pack.cmd -domain=<Location_of_OAAM_domain> -template=<Location_where_domain_configuration_jar_needs_to_be_created> -template_name="OAAM Domain" -managed=true

  2. Copy the domain configuration jar file created by the pack command on OAAMHOST1 to any accessible location on OAAMHOST2.

  3. On OAAMHOST2, run the following command from the location $MW_HOME/oracle_common/common/bin to unpack the domain:

    On UNIX:

    sh unpack.sh -domain=<Location_of_OAAM_domain> -template=<Location_on_OAAMHOST2_where _you_copied_jar_file_created_by_pack_command> -overwrite_domain=true

    On Windows:

    unpack.cmd -domain=<Location_of_OAAM_domain> -template=<Location_on_OAAMHOST2_where _you_copied_jar_file_created_by_pack_command> -overwrite_domain=true

19.9 Starting Administration Server and Managed Servers on OAAMHOST1 and OAAMHOST2

Start the WebLogic Administration Server and the Oracle Adaptive Access Manager Managed Servers on OAAMHOST1 and OAAMHOST2 in the following order:

  1. Start the WebLogic Administration Server on OAAMHOST1.

  2. Start the Oracle Adaptive Access Manager Managed Servers on OAAMHOST1 and OAAMHOST2.

For more information about starting the WebLogic Administration Server, see Section 24.1.8.2, "Starting the WebLogic Administration Server".

For more information about starting the Managed Servers, see Section 24.1.8.3, "Starting the Managed Server(s)".