17 Upgrading Oracle Access Management Highly Available Environments

This chapter describes how to upgrade Oracle Access Management highly available environments to Oracle Access Management 11g Release 2 (11.1.2.3.0) on Oracle WebLogic Server, using the manual upgrade procedure.

Note:

If your existing Oracle Identity and Access Management environment was deployed using the Life Cycle Management (LCM) Tools, you must use the automated upgrade procedure to upgrade to Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0). For information about automated upgrade procedure, supported starting points and topologies, see Chapter 2, "Understanding the Oracle Identity and Access Management Automated Upgrade".

If you wish to upgrade Oracle Access Management multi-data center environments, refer to Chapter 18, "Upgrading Oracle Access Management Multi-Data Center Environments".

Note:

Before you proceed, check if your existing Oracle Access Management version is supported for high availability upgrade. For more information on supported starting points for high availability upgrade, see Section 3.3, "Supported Starting Points for Oracle Identity and Access Management Manual Upgrade".

This chapter includes the following sections:

• Section 17.1, "Understanding Oracle Access Management High Availability Upgrade Topology"

• Section 17.2, "Upgrade Roadmap"

• Section 17.3, "Shutting Down Administration Server and Managed Servers on OAMHOST1 and OAMHOST2"

• Section 17.4, "Backing Up the Existing Environment"

• Section 17.5, "Upgrading OAMHOST1 to 11.1.2.3.0"

• Section 17.6, "Updating Component Versions on OAMHOST1"

• Section 17.7, "Updating Binaries of WebLogic Server and Access Manager on OAMHOST2"

• Section 17.8, "Replicating Domain Configuration on OAMHOST2"

• Section 17.9, "Redeploying Access Manager Server Applications and Shared Libraries on OAMHOST1"

• Section 17.10, "Starting Administration Server and Managed Servers on OAMHOST1 and OAMHOST2"

17.1 Understanding Oracle Access Management High Availability Upgrade Topology

Figure 17-1 shows the Oracle Access Management cluster set up that can be upgraded to 11.1.2.3.0 by following the procedure described in this chapter.

Figure 17-1 Oracle Access Management High Availability Upgrade Topology

Description of ''Figure 17-1 Oracle Access Management High Availability Upgrade Topology''

On OAMHOST1, the following installations have been performed:

• An Oracle Access Management Access Manager instance has been installed in the WLS_OAM1 Managed Server.

• A WebLogic Server Administration Server has been installed. Under normal operations, this is the active Administration Server.

On OAMHOST2, the following installations have been performed:

• An Oracle Access Management Access Manager instance has been installed in the WLS_OAM2 Managed Server.

• A WebLogic Server Administration Server has been installed. Under normal operations, this is the passive Administration Server. You make this Administration Server active if the Administration Server on OAMHOST1 becomes unavailable.

The instances in the WLS_OAM1 and WLS_OAM2 Managed Servers on OAMHOST1 and OAMHOST2 are configured in a cluster named OAM_CLUSTER.

17.2 Upgrade Roadmap

Table 17-1 lists the steps to upgrade Oracle Access Management high availability environment illustrated in Figure 17-1 to 11.1.2.3.0.

Table 17-1 Oracle Access Management High Availability Upgrade Roadmap

Task No	Task	For More Information
1	Review the Oracle Access Management high availability upgrade topology, and identify OAMHOST1 and OAMHOST2 on your setup.	See, Understanding Oracle Access Management High Availability Upgrade Topology
2	Shut down the Administration Server and all the Managed Servers on OAMHOST1 and OAMHOST2.	See, Shutting Down Administration Server and Managed Servers on OAMHOST1 and OAMHOST2
3	Back up the existing environment.	See, Backing Up the Existing Environment
4	Upgrade OAMHOST1 to 11.1.2.3.0. This is the host with active Administration Server running on it.	See, Upgrading OAMHOST1 to 11.1.2.3.0
5	If your starting point is Oracle Access Manager 11g Release 1 (11.1.1.5.0), you must upgrade the OAM packages to 11.1.2.3.0 on OAMHOST1.	See, Updating Component Versions on OAMHOST1
6	Update the binaries of Oracle WebLogic Server and Access Manager on OAMHOST2.	See, Updating Binaries of WebLogic Server and Access Manager on OAMHOST2
7	If your starting point is Oracle Access Manager 11.1.1.5.0, after you upgrade OAMHOST1, you must replicate the configurations on OAMHOST2 by packing the domain on OAMHOST1 and unpacking it on OAMHOST2.	See, Replicating Domain Configuration on OAMHOST2
8	If you are upgrading Oracle Access Manager 11.1.1.5.0 environments, redeploy Access Manager Server applications and shared libraries on OAMHOST1 to target them to OAM_CLUSTER.	See, Redeploying Access Manager Server Applications and Shared Libraries on OAMHOST1
9	Start the WebLogic Administration Server and the Managed Servers on OAMHOST1 and OAMHOST2.	See, Starting Administration Server and Managed Servers on OAMHOST1 and OAMHOST2

17.3 Shutting Down Administration Server and Managed Servers on OAMHOST1 and OAMHOST2

Before you begin the upgrade process, you must stop the WebLogic Administration Server and all of the Access Manager Managed Servers on OAMHOST1 and OAMHOST2 in the following order:

1. Stop the Access Manager Managed Servers on both OAMHOST1 and OAMHOST2.

2. Stop the WebLogic Administration Server on OAMHOST1.

For information about stopping the Managed Server, see Section 24.1.9.1, "Stopping the Managed Server(s)".

For information about stopping the Administration Server, see Section 24.1.9.2, "Stopping the WebLogic Administration Server".

17.4 Backing Up the Existing Environment

After stopping all the servers, you must back up the following before proceeding with the upgrade process:

• MW_HOME directory (Middleware home directory), including the Oracle Home directories inside Middleware home on both OAMHOST1 and OAMHOST2.

• Oracle Access Management Domain Home directory on both OAMHOST1 and OAMHOST2.

• Following Database schemas:

  • Oracle Access Manager schema

  • MDS schema

  • Audit and any other dependent schema

  For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.

17.5 Upgrading OAMHOST1 to 11.1.2.3.0

In order to upgrade the Oracle Access Management high availability environment to 11.1.2.3.0, you must first upgrade OAMHOST1 which has the active Administration Server. The following are some of the important tasks involved in upgrading OAMHOST1 to 11.1.2.3.0:

• Upgrading Oracle WebLogic Server to 10.3.6 if you are using a previous version.

• Upgrading Oracle Access Management binaries to 11.1.2.3.0.

• Upgrading the database schemas.

• Copying the modified domain mbean configurations.

• Upgrading the system configuration.

The procedure to upgrade OAMHOST1 depends on your starting point.

• If your starting point is Oracle Access Management 11g Release 2 (11.1.2.2.0), 11g Release 2 (11.1.2.1.0), follow the instructions described in Chapter 8, "Upgrading Oracle Access Management 11g Release 2 (11.1.2.x.x) Environments" to upgrade OAMHOST1 to 11.1.2.3.0.

• If your starting point is Oracle Access Manager 11g Release 1 (11.1.1.5.0), follow the instructions described in Chapter 12, "Upgrading Oracle Access Manager 11g Release 1 (11.1.1.x.x) Environments" to upgrade OAMHOST1 to 11.1.2.3.0.

17.6 Updating Component Versions on OAMHOST1

If your starting point is Oracle Access Manager 11g Release 1 (11.1.1.5.0) and if you are using Oracle Access Manager - Oracle Adaptive Access Manager integrated setup, you must upgrade the following packages from 11g Release 1 (11.1.1.5.0) to 11g Release 2 (11.1.2.3.0):

• oracle.dogwood.top

• oracle.oam.server

• oracle.idm.oinav

• oracle.sdp.client

• oracle.oaam.suite

• oracle.oaam.oaam_admin

• oracle.oaam.oaam_server

• oracle.oaam.oaam_offline

Note:

If your starting point is Access Manager 11g Release 2 (11.1.2.2.0), 11g Release 2 (11.1.2.1.0) or 11g Release 2 (11.1.2), skip this task.

To upgrade the packages, you must run the domain updater utility (com.oracle.cie.domain-update_1.0.0.0.jar) on OAMHOST1 which updates the domain-info.xml. OAMHOST1 is the host on which Administration Server is running.

To upgrade the necessary Oracle Access Manager packages to 11.1.2.3.0, complete the following steps on OAMHOST1:

1. Go to the directory $ORACLE_HOME/oaam/upgrade. The domain updater utility com.oracle.cie.domain-update_1.0.0.0.jar file is located in this directory.

2. Upgrade the packages using the following command:

   java -cp MW_HOME/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater <DOMAIN_HOME> <package_name>:11.1.1.5.0,:11.1.2.3.0

   In this command, <DOMAIN_HOME> refers to the absolute path to the Oracle Access Management domain, and <package_name> refers to the package that you are upgrading.

   Run this command for all of the following packages:

   • oracle.dogwood.top

   • oracle.oam.server

   • oracle.idm.oinav

   • oracle.sdp.client

   • oracle.oaam.suite

   • oracle.oaam.oaam_admin

   • oracle.oaam.oaam_server

   • oracle.oaam.oaam_offline

17.7 Updating Binaries of WebLogic Server and Access Manager on OAMHOST2

After you upgrade the Access Manager environment on OAMHOST1, you must update the binaries of Oracle WebLogic Server on OAMHOST2 (if you are using any previous version). Also, you must update the binaries of Oracle Access Manager to11.1.2.3.0 on OAMHOST2 using the Oracle Identity and Access Management 11.1.2.3.0 installer.

For information about upgrading Oracle WebLogic Server to 10.3.6, see Section 24.1.5, "Upgrading Oracle WebLogic Server to 11g Release 1 (10.3.6)".

For information about upgrading Oracle Access Manager binaries to 11.1.2.3.0, see Section 24.1.6, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.3.0)".

17.8 Replicating Domain Configuration on OAMHOST2

This step is applicable if you are upgrading Oracle Access Manager 11g Release 1 (11.1.1.5.0) to 11.1.2.3.0.

After you upgrade Oracle Access Manager 11.1.1.5.0 to 11.1.2.3.0 on OAMHOST1, you must replicate the configurations on OAMHOST2. This task involves packing the upgraded domain on OAMHOST1 and unpacking it on OAMHOST2.

Note:

Make sure that the Managed Servers are stopped before you perform this step. Do not start the Managed Servers until you complete this task.

To do this, complete the following steps:

1. On OAMHOST1, run the following command from the location $MW_HOME/oracle_common/common/bin to pack the upgraded domain:

   On UNIX:

   sh pack.sh -domain=<Location_of_OAM_domain> -template=<Location_where_domain_configuration_jar_to_be_created> -template_name="OAM Domain" -managed=true

   On Windows:

   pack.cmd -domain=<Location_of_OAM_domain> -template=<Location_where_domain_configuration_jar_needs_to_be_created> -template_name="OAM Domain" -managed=true

2. Copy the domain configuration jar file created by the pack command on OAMHOST1 to any accessible location on OAMHOST2.

3. On OAMHOST2, run the following command from the location $MW_HOME/oracle_common/common/bin to unpack the domain:

   On UNIX:

   sh unpack.sh -domain=<Location_of_OAM_domain> -template=<Location_on_OAMHOST2_where _you_copied_jar_file_created_by_pack_command> -overwrite_domain=true

   On Windows:

   unpack.cmd -domain=<Location_of_OAM_domain> -template=<Location_on_OAMHOST2_where _you_copied_jar_file_created_by_pack_command> -overwrite_domain=true

17.9 Redeploying Access Manager Server Applications and Shared Libraries on OAMHOST1

If you are upgrading Oracle Access MAnager 11.1.1.5.0 on OAMHOST1, then you must redeploy Access Manager server applications and shared libraries, and target the applications and shared libraries to OAM_CLUSTER, for the following reasons:

• To uptake new shared libraries that Access Manager server applications are dependent on.

• To uptake newer versions of Access Manager Administration and Managed Server applications.

For information about redeploying Access Manager server applications and shared libraries, see Section 12.13, "Redeploying Access Manager Server Applications and Shared Libraries".

Note:

• Before you run the redeployOAM command, ensure that the Access Manager Managed Server(s) are in RUNNING state and not in the ADMIN state.

  If the servers are in ADMIN state, do the following:

  1. Log in to the WebLogic Administration Server using the following URL:

     http://host:port/console

  2. Click Deployments.

  3. Click oam_server(11.1.2.0.0) on the Summary of Deployments page.

  4. Click OAM_SERVER on the Summary of Servers page.

  5. Go to the Control tab and click RESUME.

• If you had redeployed Access Manager server applications and shared libraries as part of Section 17.5, "Upgrading OAMHOST1 to 11.1.2.3.0", skip this task.

17.10 Starting Administration Server and Managed Servers on OAMHOST1 and OAMHOST2

Start the WebLogic Administration Server and the Access Manager Managed Servers on OAMHOST1 and OAMHOST2 in the following order:

1. Start the WebLogic Administration Server on OAMHOST1.

2. Start the Access Manager Managed Servers on OAMHOST1 and OAMHOST2.

For more information about starting the WebLogic Administration Server, see Section 24.1.8.2, "Starting the WebLogic Administration Server".

For more information about starting the Managed Servers, see Section 24.1.8.3, "Starting the Managed Server(s)".