1. Upgrading Oracle Identity Manager
  2. Out-of-Place Upgrade of Oracle Identity Manager
  3. Performing an Out-of-Place Upgrade of Oracle Identity Manager

5 Performing an Out-of-Place Upgrade of Oracle Identity Manager

The starting points for an out-of-place upgrade to Oracle Identity Manager 12c (12.2.1.4.0) is Oracle Identity Manager 11g (11.1.2.3) or 11g (11.1.2.2) release.

To prepare for the upgrade of Oracle Identity Manager, verify that your system meets the basic requirements discussed in Pre-Upgrade Assessments.

This chapter includes the following topics:

  • Pre-Upgrade Assessments
    Before starting the out-of-place upgrade of Oracle Identity Manager, you must check the cross-product interoperability and compatibility, system requirements, and certification requirements.
  • Migrating Entities from 11g to 12c
    After you have installed the OIG 12c environment as per your requirements, migrate the following entities from 11g to 12c environment:
  • Post Upgrade Steps
    As part of the post upgrade steps, you should follow the tuning guidelines and complete the sanity test.

Parent topic: Out-of-Place Upgrade of Oracle Identity Manager

Pre-Upgrade Assessments

Before starting the out-of-place upgrade of Oracle Identity Manager, you must check the cross-product interoperability and compatibility, system requirements, and certification requirements.

Install the 12c (12.2.1.4.0) version of Oracle Identity Governance as per your requirements (large, medium, or small deployment) on new hardware.

For installation instructions, see Installing and Configuring the Oracle Identity Governance Software. You must configure the new system by integrating components, as necessary.

The pre-upgrade check includes reviewing the current OIM 11g (11.1.2.3) or 11g (11.1.2.2) environment (depending on the starting point) before starting the upgrade to OIM 12c (12.2.1.4.0), and then creating a list of features or components currently being used, such as OIM workflows, connectors, provisioning, targets, workflow policies, and admin roles/capabilities.

For more information, see Pre-Upgrade Requirements.

Parent topic: Performing an Out-of-Place Upgrade of Oracle Identity Manager

Migrating Entities from 11g to 12c

After you have installed the OIG 12c environment as per your requirements, migrate the following entities from 11g to 12c environment:

Parent topic: Performing an Out-of-Place Upgrade of Oracle Identity Manager

Organizations

Following options are available to migrate Organization records from the current OIM 11g environment (11.1.2.3 or 11.1.2.2) to 12c:

Option 1- Organization Bulk Load Utility

This option involves creating a source database table or a CSV file that contains the data you want to migrate.

For more information on using CSV files or creating database tables, see Creating the Input Source for the Bulk Load Operation in Developing and Customizing Applications for Oracle Identity Governance.

Option 2- Export And Import Feature In Sysadmin Console

After you have created your source data, you need to import the source data into the new 12c target system. For more information, see Migrating Incrementally Using the Deployment Manager.

Parent topic: Migrating Entities from 11g to 12c

Connectors

You should review the latest version of the connector available for 12c and use Application on Boarding (AoB) to create such connectors.

A new installation enables you to upgrade your targets to newer versions that are certified with 12c connectors.

If 12c connectors are not available, you can export or import existing user data as long as those connectors are supported in the 12c OIM server.

For more information, see Oracle Identity Governance 12c Connectors documentation.

For downloading connectors, see the Oracle Identity Governance Connector Downloads page.

For certification information for Oracle Identity Manager Connectors, see Oracle Identity Governance Connectors Certification.

Note:

If the connectors installed on 11g have no 12c version, you must check the certification, and then upgrade the existing connector to make it compatible with OIG 12c.

Parent topic: Migrating Entities from 11g to 12c

Accounts

After you set up the connectors as applications, you should start loading the account data from the target systems.

Note:

Target systems are applications such as database, LDAP, and so on, which OIM connects to using the OIM connectors.

Following options are available to load your accounts:

  • Option 1: If the target system has account data, you can bulk load the account details (or data) by using the Bulk Load Utility. See Loading Account Data in Developing and Customizing Applications for Oracle Identity Governance guide.

  • Option 2: You can load the target system account data into the new environment by using connector the reconciliation jobs.

  • Option 3: You can use a flat file to load the data, similar to bulk load but using AoB directly. See Configuring Flat Files in Performing Self Service Tasks with Oracle Identity Governance.

Parent topic: Migrating Entities from 11g to 12c

Roles (Role, Role Membership, and Categories)

You can use the OIM Bulk Load Utility to import roles, role membership, and categories from a table or a CSV file. Export the relevant data files from the source OIM database.

For information on how to export and import this data, see Loading Role, Role Hierarchy, Role Membership, and Role Category Data in Developing and Customizing Applications for Oracle Identity Governance.

Parent topic: Migrating Entities from 11g to 12c

User Records

Following options are available to migrate user records from current OIM 11g (11.1.2.3 or 11.1.2.2) environment to 12c:

  • Option 1 - User Bulk Load Utility

    This option includes exporting the user records to a table or a CSV file that will act as a source. See Loading OIM User Data in Developing and Customizing Applications for Oracle Identity Governance guide.

  • Option 2 - Trusted Recon of Users from 11g to 12c

    This option includes using the Database User Management (DBUM) connector or a flat file connector to migrate the user records.

  • Option 3 - Data Load Using Flat Files

    If the trusted source is an AoB application, this option includes loading data using flat files in AoB directly. See Configuring Flat Files in Performing Self Service Tasks with Oracle Identity Governance.

Note:

You cannot migrate user passwords by using the above options. You can set up SSO or LDAP as an authentication provider.

Parent topic: Migrating Entities from 11g to 12c

User Customizations

If you have added the custom User Defined Fields (UDF) in OIM 11g, you must create those UDFs in 12c as well.

WARNING:

Oracle does not support UDF migration (Deployment Manager and ADF Sandboxes).

Note:

To check if import or export from 11g to 12c works, export the user metadata from the 11g environment and import it to 12c, get the corresponding ADF sandbox, and then import it to 12c.

Parent topic: Migrating Entities from 11g to 12c

Others

You can also migrate the following items from your 11g environmen to the 12c environment by using the Export/Import option in the sysadmin console:

  • Access policies
  • Admin roles
  • Application instances
  • Approval policies
  • Catalog UDFs
  • Certification configurations
  • Certification definitions
  • Custom resource bundles
  • E-mail definitions
  • Error codes
  • Event handlers
  • Identity Audit configuration
  • Identity Audit rules
  • Identity Audit scan definitions
  • IT resource definition
  • IT resources
  • JAR files
  • Lookup definitions
  • Notification templates
  • Organization metadata
  • Organizations
  • Password policies
  • Policies
  • Plug-ins
  • Prepopulation adapters
  • Process definitions
  • Process forms
  • Provisioning workflows and process task adapters
  • Request datasets
  • Resource objects
  • Risk configuration
  • Role metadata
  • Roles
  • Scheduled jobs
  • Scheduled tasks
  • System properties
  • User metadata

For more information, see Moving from a Test to a Production Environment and Using the Movement Scripts in the Fusion Middleware Administrator's Guide.

Parent topic: Migrating Entities from 11g to 12c

Post Upgrade Steps

As part of the post upgrade steps, you should follow the tuning guidelines and complete the sanity test.

Parent topic: Performing an Out-of-Place Upgrade of Oracle Identity Manager

Tuning Considerations

Follow the performance tuning guidelines provided in the tuning documentation. See Oracle Identity Governance Performance Tuning.

Also, you should check the existing 11g system for custom indexes and create them in the 12c system.

Parent topic: Post Upgrade Steps

Performing a Sanity Test

Perform a sanity test to ensure that the software and processes have been successfully upgraded and the system performs as expected. See Tab 5 of Doc ID 2667893.2.

Parent topic: Post Upgrade Steps

Reinstalling the ADF DI Excel Plug-in

After you upgrade Oracle Identity Manager to 12c (12.2.1.4.0), uninstall and reinstall the ADF DI Excel plug-in, and then re-download the Excel.

Parent topic: Post Upgrade Steps

Defining System Properties for Legacy Connectors

As part of post-upgrade tasks, for legacy connectors such as Resource Access Control Facility (RACF) that use the tcITResourceInstanceOperationsBean.getITResourceInstanceParameters method, you should create the following two system properties and update their values to True:
  • Service Account Encrypted Parameter Value
  • Service Account Parameters Value Store

For more information about these system properties, see Table 18-2 of section Non-Default System Properties in Oracle Identity Governance in Administering Oracle Identity Governance.

Oracle recommends creating these system properties only if a legacy connector or an old custom code requires the legacy behavior.

Parent topic: Post Upgrade Steps

Increasing the Maximum Message Size for WebLogic Server Session Replication

Oracle recommends you to modify the Maximum Message Size from the default value of 10 MB to 100 MB. This value is used to replicate the session data across the nodes. You should perform this step for all the Managed servers and the Administration server.

  1. Log in to the WebLogic Server Administration Console.
  2. Navigate to Servers, select Protocols, and then click General.
  3. Set the value of Maximum Message Size to 100 MB.

Parent topic: Post Upgrade Steps

Increasing the maxdepth Value in setDomainEnv.sh

The recommended value for the maxdepth parameter is 250. To update this value:
  1. Open the $DOMAIN_HOME/bin/setDomainEnv.sh file in a text editor.
  2. Locate the following code block:
    ALT_TYPES_DIR="${OIM_ORACLE_HOME}/server/loginmodule/wls,${OAM_ORACLE_HOME}/a
gent/modules/oracle.oam.wlsagent_11.1.1,${ALT_TYPES_DIR}"
export ALT_TYPES_DIR
CLASS_CACHE="true"
export CLASS_CACHE
  3. Add the following lines at the end of the above code block:
    JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.oif.serialFilter=maxdepth=250"
export JAVA_OPTIONS
  4. Save and close the setDomainEnv.sh file.

Parent topic: Post Upgrade Steps