After your upgrade has been scheduled, complete the following steps.

1. If you use B2B for Oracle Integration: Ensure that all passwords for the keystore file are identical.

   Your identity certificate file (JKS) requires two sets of passwords: Key Passwords and Keystore Password. All the passwords must be identical. If they're not, re-upload the keystore file and use identical passwords for all the key and keystore passwords.

   If you don't have the keystore file that was last uploaded and cannot locate it, recreate the file.

   See Upload an SSL Certificate in Using Integrations in Oracle Integration Generation 2. When uploading the certificate, for Type, select X.509 (SSL Transport). For Category, select Identity.

   Caution:

   If you don't complete this step, the upgrade will fail.
2. Everyone: Add the new IP addresses and URLs to your allowlists.

   If your organization uses allowlists, you must add the Oracle Integration 3 IP addresses to the allowlist before upgrade to prevent errors.

   1. Get the new IP addresses:

      The new IP addresses appear on the Upgrade page approximately two weeks before your upgrade.

      1. In the navigation pane, click Settings, then Upgrade.
      2. You see the following values:Find the values under Connectivity Agent Status and Allowlist IP Addresses.

         Under Connectivity Agent Status:

         • Designtime IP Addresses—This is the design-time ingress IP address.
         • Runtime IP Addresses—This is the runtime ingress IP address.

         Under Allowlist IP Addresses:

         • Ingress IP Addresses—This is the design-time ingress IP address, and then the runtime ingress IP address.
         • Egress IP Addresses—This is the runtime IP address.
      3. To copy an IP address, click next to the address.
   2. Get the new URLs:
      • Runtime URL for Oracle Integration—This is the same as your existing Oracle Integration Generation 2 runtime URL.
      • Design-time URL for Oracle Integration 3—This is a combination of your Oracle Integration 3 base URL, your instance name, and your region.
      • Oracle Identity Cloud Service (IDCS) URL—This is the URL you use to sign into Oracle Integration.
   3. Update your allowlists according to your organization's procedures:

      For example, you may use the following types of allowlists with Oracle Integration.

      Type of allowlisting	Next steps
      Control who accesses an Oracle Integration instance	None. Oracle migrates your existing access allowlists (also known as access control lists, or ACLs) as part of the upgrade.
      Allow egress from your network to Oracle Integration	Add the new ingress IP address for Oracle Integration to the allowlist. Find the IP address on the Upgrade page two weeks prior to the upgrade.
      Control access to your cloud systems	None. Controlling access to your cloud systems by adding the egress IP address for Oracle Integration to every service that Oracle Integration accesses is not currently supported in Oracle Integration 3.
      Allowlist public IP addresses for File Server	None. Oracle updates these allowlists for you.
      Allowlist IP addresses and URLs for your connectivity agents	Configure connectivity from your connectivity agents to Oracle Identity Cloud Service (IDCS) and Oracle Integration Add the following to the allowlists for the servers that host your connectivity agents: The URL for IDCS The Oracle Integration design-time URL and IP address The runtime URL for Oracle Integration The ingress IP address for Oracle Integration

      Caution:

      If you update allowlists before the upgrade, don't remove the IP addresses for Oracle Integration Generation 2 yet. You might experience errors. After the upgrade finishes, the Oracle Integration Generation 2 IP addresses are no longer assigned to you.
3. Everyone: Set your proxy server's Cache property for the Oracle Integration URLs to refresh as frequently as possible.

   For example, if your proxy server uses the Cache-ExpiresDefault property, set it to now.

4. Everyone: Determine whether you're relying on the instance ID for the Oracle Integration Generation 2 instance being an integer.

   For example, if you store the instance ID in a database as a number field, you'll need to update the database field. The instance ID for Oracle Integration 3 is a string value.

   Update your systems and processes as required. See Adapting to Instance ID Change when upgrading to Oracle Integration 3.

5. Everyone: Decide what to do with asynchronous messages from the client side for the duration of the downtime.

   Here's why: During the downtime, Oracle Integration rejects all incoming requests. To prepare, you have the following options:

   • Before the upgrade starts, suspend all asynchronous messages on the client side.

     With this approach, the client doesn't send the messages, and Oracle Integration doesn't reject them.

     If you choose this option, make sure you know the start and end times of the upgrade.

   • After the upgrade finishes, determine the appropriate next steps for the rejected messages.
6. Everyone: If you don't already, start capturing the activity stream in Oracle Cloud Infrastructure Console.

   Here's why: The activity stream isn't migrated. But if you capture this data in the Oracle Cloud Infrastructure Console, you'll still have access to historical data. See Capture the Activity Stream in Oracle Cloud Infrastructure Console.

Next, plan to limit or pause your development work during the days leading up to the upgrade. See Limit Development Work Before the Upgrade.