21 Upgrading Oracle Entitlements Server Highly Available Environments

This chapter describes how to upgrade Oracle Entitlements Server highly available environments to 11g Release 2 (11.1.2.3.0) on Oracle WebLogic Server, using the manual upgrade procedure.

Note:

If your existing Oracle Identity and Access Management environment was deployed using the Life Cycle Management (LCM) Tools, you must use the automated upgrade procedure to upgrade to Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0).

For information about automated upgrade procedure, supported starting points and topologies, see Chapter 2, "Understanding the Oracle Identity and Access Management Automated Upgrade".

Note:

Before you proceed, check if your existing Oracle Entitlements Server version is supported for high availability upgrade. For more information on supported starting points for high availability upgrade, see Section 3.3, "Supported Starting Points for Oracle Identity and Access Management Manual Upgrade".

This chapter includes the following sections:

• Section 21.1, "Understanding Oracle Entitlements Server High Availability Upgrade Topology"

• Section 21.2, "Upgrade Roadmap"

• Section 21.3, "Shutting Down Administration Server and Managed Servers on OESHOST1 and OESHOST2"

• Section 21.4, "Backing Up the Existing Environment"

• Section 21.5, "Updating Binaries of WebLogic Server and Oracle Entitlements Server on OESHOST1"

• Section 21.6, "Upgrading Oracle Platform Security Services Schema on OESHOST1"

• Section 21.7, "Upgrading Oracle Platform Security Services on OESHOST1 and OESHOST2"

• Section 21.8, "Updating Binaries of WebLogic Server and Oracle Entitlements Server on OESHOST2"

• Section 21.9, "Redeploying APM Applications on OESHOST1 and OESHOST2"

• Section 21.10, "Starting Administration Server and Managed Servers on OESHOST1 and OESHOST2"

21.1 Understanding Oracle Entitlements Server High Availability Upgrade Topology

Figure 21-1 shows the Oracle Entitlements Server cluster set up that can be upgraded to 11.1.2.3.0 by following the procedure described in this chapter.

Figure 21-1 Oracle Entitlements Server High Availability Upgrade Topology

Description of ''Figure 21-1 Oracle Entitlements Server High Availability Upgrade Topology''

The host OESHOST1 has the following installations:

• An Oracle Entitlements Server instance in the WLS_OES1 Managed Server.

• A WebLogic Server Administration Server. Under normal operations, this is the active Administration Server.

The host OESHOST2 has the following installations:

• An Oracle Entitlements Server instance in the WLS_OES2 Managed Server.

• A WebLogic Server Administration Server. Under normal operations, this is the passive Administration Server. You make this Administration Server active if the Administration Server on OESHOST1 becomes unavailable.

The instances in the WLS_OES1 and WLS_OES2 Managed Servers on OESHOST1 and OESHOST2 are configured in a cluster named OES_CLUSTER.

21.2 Upgrade Roadmap

Table 21-1 lists the steps to upgrade Oracle Entitlements Server high availability environment illustrated in Figure 21-1 to 11.1.2.3.0.

Table 21-1 Oracle Entitlements Server High Availability Upgrade Roadmap

Task No	Task	For More Information
1	Review the Oracle Entitlements Server high availability upgrade topology, and identify OESHOST1 and OESHOST2 on your setup.	See, Understanding Oracle Entitlements Server High Availability Upgrade Topology
2	Shut down the Administration Server and all the Managed Servers on OESHOST1 and OESHOST2.	See, Shutting Down Administration Server and Managed Servers on OESHOST1 and OESHOST2
3	Back up the Middleware home, Oracle home, and the Oracle Platform Security Services schema on OESHOST1 and OESHOST2.	See, Backing Up the Existing Environment
4	Update the binaries of Oracle WebLogic Server and Oracle Entitlements Server on OESHOST1.	See, Updating Binaries of WebLogic Server and Oracle Entitlements Server on OESHOST1
5	Upgrade the Oracle Platform Security Services schema on OESHOST1.	See, Upgrading Oracle Platform Security Services Schema on OESHOST1
6	Upgrade Oracle Platform Security Services on OESHOST1 and OESHOST2.	See, Upgrading Oracle Platform Security Services on OESHOST1 and OESHOST2
7	Update the binaries of Oracle WebLogic Server and Oracle Entitlements Server on OESHOST2.	See, Updating Binaries of WebLogic Server and Oracle Entitlements Server on OESHOST2
8	Redeploy the following APM applications on OESHOST1 and OESHOST2.	See, Redeploying APM Applications on OESHOST1 and OESHOST2
9	Start the WebLogic Administration Server and the Managed Servers on OESHOST1 and OESHOST2.	See, Starting Administration Server and Managed Servers on OESHOST1 and OESHOST2

21.3 Shutting Down Administration Server and Managed Servers on OESHOST1 and OESHOST2

Before you begin the upgrade process, you must stop the WebLogic Administration Server and all the Oracle Entitlements Server Managed Servers on OESHOST1 and OESHOST2 in the following order:

1. Stop the Oracle Entitlements Server Managed Servers on both OESHOST1 and OESHOST2.

2. Stop the WebLogic Administration Server on OESHOST1.

For information about stopping the Managed Server, see Section 24.1.9.1, "Stopping the Managed Server(s)".

For information about stopping the Administration Server, see Section 24.1.9.2, "Stopping the WebLogic Administration Server".

21.4 Backing Up the Existing Environment

After stopping all the servers, you must back up the following before proceeding with the upgrade process:

• MW_HOME directory (Middleware home directory), including the Oracle Home directories inside Middleware home on both OESHOST1 and OESHOST2.

• Oracle Entitlements Server Domain Home directory on both OESHOST1 and OESHOST2.

• Oracle Platform Security Services schema

  For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.

21.5 Updating Binaries of WebLogic Server and Oracle Entitlements Server on OESHOST1

Oracle Identity and Access Management is certified with Oracle WebLogic Server 10.3.6. Therefore, if you are not using Oracle WebLogic Server 10.3.6, you must upgrade Oracle WebLogic Server to 10.3.6 on OESHOST1. For information about upgrading Oracle WebLogic Server to 10.3.6, see Section 24.1.5, "Upgrading Oracle WebLogic Server to 11g Release 1 (10.3.6)".

After you upgrade Oracle WebLogic Server to 10.3.6, update the binaries of Oracle Entitlements Server to 11.1.2.3.0 on OESHOST1 using the Oracle Identity and Access Management 11.1.2.3.0 installer. For information about upgrading Oracle Entitlements Server binaries, see Section 24.1.6, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.3.0)".

21.6 Upgrading Oracle Platform Security Services Schema on OESHOST1

After updating the Oracle WebLogic Server and Oracle Entitlements Server binaries on OESHOST1, you must upgrade the Oracle Platform Security Services schema using Patch Set Assistant.

For information about upgrading schemas using Patch Set Assistant, see Section 24.1.4, "Upgrading Schemas Using Patch Set Assistant".

21.7 Upgrading Oracle Platform Security Services on OESHOST1 and OESHOST2

After you upgrade Oracle Platform Security Services schema on OESHOST1, you must upgrade Oracle Platform Security Services (OPSS) on OESHOST1 and OESHOST2. This task is optional; however, it is recommended that you perform this task.

Note:

If you are upgrading Oracle Entitlements Server 11.1.2.1.0 environments to 11.1.2.3.0, you must upgrade Oracle Platform Security Services if Audit schema is installed. This step is required to upgrade the policy store to include the new 11.1.2.3.0 audit policies.

Upgrading Oracle Platform Security Services is required to upgrade the configuration and policy stores of Oracle Entitlements Server to 11.1.2.3.0. It upgrades the jps-config.xml file and policy stores.

For information about upgrading Oracle Platform Security Services, see Section 24.1.7, "Upgrading Oracle Platform Security Services".

21.8 Updating Binaries of WebLogic Server and Oracle Entitlements Server on OESHOST2

After upgrading Oracle Platform Security Services on OESHOST1, you must update the binaries of Oracle WebLogic Server to 10.3.6 on OESHOST2 (if you are not using Oracle WebLogic Server 10.3.6 already). Also, you must update the binaries of Oracle Entitlements Server to 11.1.2.3.0 on OESHOST2 using the Oracle Identity and Access Management 11.1.2.3.0 installer.

For information about upgrading Oracle WebLogic Server to 10.3.6, see Section 24.1.5, "Upgrading Oracle WebLogic Server to 11g Release 1 (10.3.6)".

For information about upgrading Oracle Entitlements Server binaries, see Section 24.1.6, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.3.0)".

21.9 Redeploying APM Applications on OESHOST1 and OESHOST2

After you update Oracle Entitlements Server binaries on OESHOST2, you must redeploy the following APM applications on OESHOST1 and OESHOST2:

• oracle.security.apm.ear

• oracle.security.apm.core.model.ear

• oracle.security.apm.core.view.war

To redeploy the APM applications, do the following:

1. Start the WebLogic Administration Server. For more information, see Section 24.1.8.2, "Starting the WebLogic Administration Server".

2. Launch the WebLogic Scripting Tool (WLST) by running the command from the location $MWHOME/wlserver_10.3/common/bin:

   On UNIX: ./wlst.sh

   On Windows: wlst.cmd

3. Connect to the Administration Server by running the following command:

   connect('weblogic-username','weblogic-password','weblogic-url')

4. Run the following commands to redeploy the APM applications:

   On UNIX:

   • redeploy(appName='oracle.security.apm')

   • redeploy(appName='oracle.security.apm.core.model')

   • redeploy(appName='oracle.security.apm.core.view')

   On Windows:

   • $DOMAIN_HOME\serverConfig\redeploy(appName='oracle.security.apm')

   • $DOMAIN_HOME\serverConfig\redeploy(appName='oracle.security.apm.core.model')

   • $DOMAIN_HOME\serverConfig\redeploy(appName='oracle.security.apm.core.view')

   In these commands, $DOMAIN_HOME refers to the absolute path to the Oracle Entitlements Server 11.1.2.3.0 domain.

   The following is an example of redeploying an APM application on Windows:

   C:\Oracle\Middleware\user_projects\domains\OES_Domain\serverConfig\ redeploy(appName='oracle.security.apm')

5. Stop the WebLogic Administration Server. For more information, see Section 24.1.8.2, "Starting the WebLogic Administration Server".

21.10 Starting Administration Server and Managed Servers on OESHOST1 and OESHOST2

Start the WebLogic Administration Server and the Oracle Entitlements Server Managed Servers on OESHOST1 and OESHOST2 in the following order:

1. Start the WebLogic Administration Server on OESHOST1.

2. Start the Oracle Entitlements Server Managed Servers on OESHOST1 and OESHOST2.

For more information about starting the WebLogic Administration Server, see Section 24.1.8.2, "Starting the WebLogic Administration Server".

For more information about starting the Managed Servers, see Section 24.1.8.3, "Starting the Managed Server(s)".