1. Provisioning and Administering Oracle Integration 3
  2. Upgrade from Oracle Integration Generation 2 to Oracle Integration 3
  3. 3. Update Allowlists and Complete Pre-Upgrade Tasks

3. Update Allowlists and Complete Pre-Upgrade Tasks

There are several tasks you must complete as your upgrade date approaches to prevent errors during upgrade and to allow you to smoothly transition to the new Oracle Integration 3 instance after upgrade.

After your upgrade has been scheduled, complete the following steps.

  1. If you use B2B for Oracle Integration: Ensure that all passwords for the keystore file are identical.

    Your identity certificate file (JKS) requires two sets of passwords: Key Password(s) and Keystore Password. All the passwords must be identical. If they're not, re-upload the keystore file and use identical passwords for all the key and keystore passwords.

    If you don't have the keystore file that was last uploaded and cannot locate it, recreate the file.

    See Upload an SSL Certificate in Using Integrations in Oracle Integration Generation 2. When uploading the certificate, for Type, select X.509 (SSL Transport). For Category, select Identity.

    Caution:

    If you don't complete this step, the upgrade will fail.
  2. Everyone: Add the IP addresses and URLs for the new instances to your allowlists.

    If your organization uses allowlists, you must add the Oracle Integration 3 IP addresses to the allowlist before upgrade to prevent errors.

    1. Get the new IP addresses:

      The new IP addresses appear on the Upgrade page two weeks before your upgrade.

      1. In the navigation pane, click Settings, then Upgrade.
      2. Find the values next to New IP addresses.
      3. To copy an IP address, click Copy icon next to the address.
    2. Get the new URLs:
      • Runtime URL for Oracle Integration—This is the same as your existing Oracle Integration Generation 2 runtime URL.
      • Oracle Identity Cloud Service (IDCS) URL—This is the URL you use to sign into Oracle Integration.
    3. Update your allowlists according to your organization's procedures:

      For example, you may use the following types of allowlists with Oracle Integration.

      Type of allowlisting Next steps

      Control who accesses an Oracle Integration instance

      None.

      Oracle migrates your existing access allowlists (also known as access control lists, or ACLs) as part of the upgrade.

      Allow egress from your network to Oracle Integration

      Add the new ingress IP address for Oracle Integration to the allowlist.

      Find the IP address on the Upgrade page two weeks prior to the upgrade.

      Control access to your cloud systems

      None.

      Controlling access to your cloud systems by adding the egress IP address for Oracle Integration to every service that Oracle Integration accesses is not currently supported in Oracle Integration 3.

      Allowlist public IP addresses for File Server

      None. Oracle updates these allowlists for you.

      Allowlist IP addresses and URLs for your connectivity agents Configure connectivity from your connectivity agents to IDCS and the Oracle Integration runtime URL and IP addresses. Add the following to the allowlists for the servers that host your connectivity agents:
      • The runtime URL for Oracle Integration
      • The ingress IP address for Oracle Integration
      • The URL for IDCS

      Caution:

      If you update allowlists before the upgrade, don't remove the IP address(es) for Oracle Integration Generation 2 yet. You might experience errors. After the upgrade finishes, the Oracle Integration Generation 2 IP addresses are no longer assigned to you.
  3. Everyone: Set your proxy server's Cache property for the Oracle Integration URLs to refresh as frequently as possible.

    For example, if your proxy server uses the Cache-ExpiresDefault property, set it to now.

  4. Everyone: Determine whether you're relying on the instance ID for the Oracle Integration Generation 2 instance being an integer.

    For example, if you store the instance ID in a database as a number field, you'll need to update the database field. The instance ID for Oracle Integration 3 is a string value.

    Update your systems and processes as required.

  5. Everyone: Decide what to do with asynchronous messages from the client side for the duration of the downtime.

    Here's why: During the downtime, Oracle Integration rejects all incoming requests. To prepare, you have the following options:

    • Before the upgrade starts, suspend all asynchronous messages on the client side.

      With this approach, the client doesn't send the messages, and Oracle Integration doesn't reject them.

      If you choose this option, make sure you know the start and end times of the upgrade.

    • After the upgrade finishes, determine the appropriate next steps for the rejected messages.
  6. Everyone: If you don't already, start capturing the activity stream in Oracle Cloud Infrastructure Console.

    Here's why: The activity stream isn't migrated. But if you capture this data in the Oracle Cloud Infrastructure Console, you'll still have access to historical data. See Capture the Activity Stream in Oracle Cloud Infrastructure Console.

Next, plan to limit or pause your development work during the days leading up to the upgrade. See Limit Development Work Before the Upgrade.