6 Upgrading Oracle Identity Manager Highly Available Environments

Describes the process of upgrading an Oracle Identity Manager highly available environment from 11g Release 2 (11.1.2.3.0) to Oracle Identity Governance 12c (12.2.1.3.0).

Note:

The product Oracle Identity Manager is referred to as Oracle Identity Manager (OIM) and Oracle Identity Governance (OIG) interchangeably in the guide.

Topics

Topics:

6.1 About the Oracle Identity Manager Multinode Upgrade Process

Review the topology and the roadmap for an overview of the upgrade process for Oracle Identity Manager highly available environments.

The steps you take to upgrade your existing domain will vary depending on how your domain is configured and which components are being upgraded. Follow only those steps that are applicable to your deployment.

Upgrade Topology

The following topology shows the Oracle Identity Manager cluster set up that can be upgraded to 12c (12.2.1.3.0) by following the procedure described in this chapter.

Figure 6-1 Oracle Identity Manager High Availability Upgrade Topology

Description of Figure 6-1 follows
Description of "Figure 6-1 Oracle Identity Manager High Availability Upgrade Topology"
On OIMHOST1, the following installations have been performed:
  • An Oracle Identity Manager instance has been installed in the WLS_OIM1 Managed Server and a SOA instance has been installed in the WLS_SOA1 Managed Server.

  • A WebLogic Server Administration Server has been installed. Under normal operations, this is the active Administration Server.

On OIMHOST2, the following installations have been performed:

  • An Oracle Identity Manager instance has been installed in the WLS_OIM2 Managed Server and a SOA instance has been installed in the WLS_SOA2 Managed Server.

  • A WebLogic Server Administration Server has been installed. Under normal operations, this is the passive Administration Server. You make this Administration Server active if the Administration Server on OIMHOST1 becomes unavailable.

The instances in the WLS_OIM1 and WLS_OIM2 Managed Servers on OIMHOST1 and OIMHOST2 are configured as the OIM_CLUSTER cluster.

The instances in the WLS_SOA1 and WLS_SOA2 Managed Servers on OIMHOST1 and OIMHOST2 are configured as the SOA_CLUSTER cluster.

Table 6-1 Tasks for Upgrading Oracle Identity Manager Highly Available Environments

Task Description

Required

If you have not done so already, review the introductory topics in this guide and complete the required pre-upgrade tasks.

See:

Required

Generate the pre-upgrade report for Oracle Identity Manager. Review the information in the report and perform the mandatory pre-upgrade tasks, if any.

See Generating and Analyzing Pre-Upgrade Report for Oracle Identity Manager.

Required

Complete the necessary pre-upgrade tasks specific to Oracle Identity Manager.

See Completing the Pre-Upgrade Tasks for Oracle Identity Manager.

Optional

Run a pre-upgrade readiness check.

See Running a Pre-Upgrade Readiness Check.

Optional

Start the Repository Creation Utility (RCU) to create the required 12c database schemas.

This step is not required for non-SSL setup, as the Upgrade Assistant creates the necessary 12c schemas during the upgrade process.

For SSL enabled setup, you must run the RCU to create the necessary 12c schemas.

The schemas you create will vary depending on your existing schema configuration.

See Creating the Required 12c Schemas with the RCU.

Required

Create the 12c Middleware Home Folder on both OIMHOST1 and OIMHOST2, so that you can use the location for installing the product distributions.

See Creating 12c Middleware Home Folder on OIMHOST1 and OIMHOST2.

Required

Install Oracle SOA Suite12c (12.2.1.3.0) and Oracle Identity and Access Management12c (12.2.1.3.0) in the new Oracle home.

See Installing Product Distributions on OIMHOST1 and OIMHOST2.

Required

Upgrade the necessary schemas on OIMHOST1.

See Upgrading Schemas on OIMHOST1.

Required

Reconfigure the Oracle Identity Manager domain on OIMHOST1.

See Reconfiguring the Domain on OIMHOST1.

Required

Upgrade the Oracle Identity Manager configurations on both OIMHOST1, using the Upgrade Assistant.

The Upgrade Assistant is used to update the reconfigured domain’s component configurations.

See Upgrading Domain Component Configurations on OIMHOST1 and OIMHOST2.

Required

Replicate the domain configurations on OIMHOST2.

This includes packing the domain on OIMHOST1 and unpacking it on OIMHOST2.

See Replicating the Domain Configurations on OIMHOST2.

Required

Copy the oracle.iam.ui.custom-dev-starter-pack.war from 11g Middleware Home to 12c Middleware Home.

See Copying oracle.iam.ui.custom-dev-starter-pack.war from 11g Middleware Home.

Required

Start the servers on OIMHOST1 and OIMHOST2.

See Starting the Servers.

Required

Upgrade the Oracle Identity Manager Design Console to 12c (12.2.1.3.0).

See Upgrading Oracle Identity Manager Design Console.

Optional

Perform the post-upgrade tasks for SSL enabled setup.

See Completing the Post-Upgrade Tasks for SSL Enabled Setup.

Optional

When you upgrade to Oracle Identity Governance 12c (12.2.1.3.0), the embedded Oracle BI Publisher present in the 11.1.2.3.0 deployment is removed. Therefore, you must install a new standalone Oracle BI Publisher 12c (12.2.1.3.0) on OIMHOST1 and OIMHOST2, post upgrade. After you install, integrate it with Oracle Identity Governance 12c (12.2.1.3.0) to configure the Oracle Identity Governance reports.

See, Installing Standalone Oracle BI Publisher.

6.2 Stopping Servers and Processes

Before you run the Upgrade Assistant to upgrade your schemas and configurations, you must shut down all of the pre-upgrade processes and servers, including the Administration Server and any managed servers.

An Oracle Fusion Middleware environment can consist of an Oracle WebLogic Server domain, an Administration Server, multiple managed servers, Java components, system components such as Identity Management components, and a database used as a repository for metadata. The components may be dependent on each other, so they must be stopped in the correct order.

Note:

The procedures in this section describe how to stop the existing, pre-upgrade servers and processes using the WLST command-line utility or a script. You can also use the Oracle Fusion Middleware Control and the Oracle WebLogic Server Administration Console. See Starting and Stopping Administration and Managed Servers and Node Manager.

Note:

Stop all of the servers in your deployment, except for the Database. The Database must be up during the upgrade process.

To stop your pre-upgrade Fusion Middleware environment, navigate to the pre-upgrade domain and follow the steps below.

Step 1: Stop System Components

To stop system components, such as Oracle HTTP Server, use the opmnctl script:

  • (UNIX) OHS_INSTANCE_HOME/bin/opmnctl stopall

  • (Windows) OHS_INSTANCE_HOME\bin\opmnctl stopall

You can stop system components in any order.

Step 2: Stop the Managed Servers

To stop a WebLogic Server Managed Server, use the stopManagedWebLogic script:

  • (UNIX) EXISTING_DOMAIN_HOME/bin/stopManagedWebLogic.sh managed_server_name admin_url

  • (Windows) EXISTING_DOMAIN_HOME\bin\stopManagedWebLogic.cmd managed_server_name admin_url

When prompted, enter your user name and password.

Step 3: Stop the Administration Server

When you stop the Administration Server, you also stop the processes running in the Administration Server, including the WebLogic Server Administration Console and Fusion Middleware Control.

To stop the Administration Server, use the stopWebLogic script:

  • (UNIX) EXISTING_DOMAIN_HOME/bin/stopWebLogic.sh

  • (Windows) EXISTING_DOMAIN_HOME\bin\stopWebLogic.cmd

When prompted, enter your user name, password, and the URL of the Administration Server.

Step 4: Stop Node Manager

To stop Node Manager, close the command shell in which it is running.

Alternatively, after having set the nodemanager.properties attribute QuitEnabled to true (the default is false), you can use WLST to connect to Node Manager and shut it down. See stopNodeManager in WLST Command Reference for WebLogic Server.

6.3 Creating 12c Middleware Home Folder on OIMHOST1 and OIMHOST2

Create a folder for 12c Middleware Home on both OIMHOST1 and OIMHOST2.

It is recommended that you have the similar directory structure on OIMHOST1 and OIMHOST2.

For example:

/scratch/work/u01/mw12c

6.4 Installing Product Distributions on OIMHOST1 and OIMHOST2

Install the 12c binaries on both OIMHOST1 and OIMHOST2.

Install the following products on both OIMHOST1 and OIMHOST2:
  • Oracle Fusion Middleware Infrastructure 12c (12.2.1.3.0)

  • Oracle SOA Suite 12c (12.2.1.3.0)

  • Oracle Identity and Access Management 12c (12.2.1.3.0)

For more information about installing the product distributions, see Installing Product Distributions.

6.5 Upgrading Schemas on OIMHOST1

Upgrade all of the necessary schemas for Oracle Identity Manager, on OIMHOST1 by using the Upgrade Assistant.

6.6 Reconfiguring the Domain on OIMHOST1

Run the Reconfiguration Wizard on OIMHOST1 to reconfigure your domain component configurations to 12c (12.2.1.3.0).

6.7 Upgrading Domain Component Configurations on OIMHOST1

After reconfiguring the domain, use the Upgrade Assistant to upgrade the domain component’s configurations inside the domain to match the updated domain configuration.

To upgrade the domain configurations in a highly available setup, follow the instructions described in Upgrading Domain Component Configurations on OIMHOST1.

6.8 Replicating the Domain Configurations on OIMHOST2

Replicate the domain configurations on OIMHOST2. This involves packing the upgraded domain on OIMHOST1 and unpacking it on OIMHOST2.

To do this, complete the following steps:
  1. On OIMHOST1, run the following command from the location $MW_HOME/oracle_common/common/bin to pack the upgraded domain:
    • On UNIX:

      sh pack.sh -domain=<Location_of_OIM_domain> -template=<Location_where_domain_configuration_jar_to_be_created> -template_name="OIM Domain" -managed=true

    • On Windows:

      pack.cmd -domain=<Location_of_OIM_domain> -template=<Location_where_domain_configuration_jar_to_be_created> -template_name="OIM Domain" -managed=true

  2. Copy the domain configuration jar file created by the pack command on OIMHOST1 to any accessible location on OIMHOST2.
  3. On OIMHOST2, run the following command from the location $MW_HOME/oracle_common/common/bin to unpack the domain:
    • On UNIX:

      sh unpack.sh -domain=<Location_of_OIM_domain> -template=<Location_where_domain_configuration_jar_to_be_created> -overwrite_domain=true

    • On Windows:

      unpack.cmd -domain=<Location_of_OIM_domain> -template=<Location_where_domain_configuration_jar_to_be_created> -overwrite_domain=true

6.9 Copying oracle.iam.ui.custom-dev-starter-pack.war from 11g Middleware Home

After you upgrade the domain component configurations on OIMHOST1, copy the oracle.iam.ui.custom-dev-starter-pack.war file from 11g Middleware Home to 12c Middleware Home on other nodes (excluding OIMHOST1), manually.

In 11g, the file is located at The file is located at OIM_ORACLE_HOME/idm/server/apps/.

Copy this file to the 12c_Middleware_Home/idm/server/apps/ location.

6.10 Starting the Servers on OIMHOST1 and OIMHOST2

After you upgrade Oracle Identity Manager on both OIMHOST1 and OIMHOST2, start the servers.

You must start the servers in the following order:
  1. Start the Administration Server on OIMHOST1.
  2. Start the Oracle SOA Suite Managed Server on OIMHOST1 with Administration Server URL, and the BPM property set to TRUE. For example:
    ./startManagedWebLogic.sh soa_server1 t3://weblogic_admin_host:weblogic_admin_port -Dbpm.enabled=true
  3. Once the SOA server is in running state, start the Oracle Identity Governance Managed Server with Administration Server URL, on OIMHOST1.
    This time, OIM bootstrap process will be executed, and after successful bootstrap, OIM Managed Server will be shut down automatically.
  4. Shut down the SOA Managed Server and the Administration Server on OIMHOST1.
  5. Start the Node Manager on both OIMHOST1 and OIMHOST2.
  6. Start the Administration Server on OIMHOST1.
  7. Start the Oracle SOA Suite Managed Server (without BPM property) and Oracle Identity Manager Managed Servers on OIMHOST1.
  8. Start the Oracle SOA Suite Managed Server (without BPM property) and Oracle Identity Manager Managed Servers on OIMHOST2.

For more information about starting the servers and processes, see Starting the Servers.

For more information about stopping the servers and processes, see Stopping Servers and Processes.