Identity Management Server Upgrade

The Identity Management server is the last server that you upgrade. If you have multiple Identity Management servers, upgrade the primary server first.

Before you upgrade the Identity Management server, note the following points:

Follow these steps:

  1. SSH into the system to be upgraded.
  2. Navigate to this directory.
    /opt/CA/saas/repo/application/
    

    If this directory has an upgradeBackupList.sh file, it includes a BACKUP_LIST environment variable. This variable defines files that are backed up before the upgrade and restored after the upgrade. You can add or remove file names from this list as necessary.

  3. Verify that a backup of the /tmp/properties.sh file exists.
  4. Export the directory and environment to XML for each tenant environment.

    Important! You need the XML files in case you have modified any default roles, tasks, or screens. These items are overwritten during the upgrade.

  5. Unzip the new kit for the system being upgraded into the root file system folder. For example, enter the following commands:
    cd /
    unzip -o CAM-Identity Management SERVER_kit-version.zip
    
  6. Compare the properties.sh file that you updated with the tmp/properties.sh file in the kit.
    1. Diff the properties.sh file that you updated and the tmp/properties.sh file. Enter the following command:
      diff /serverkit/properties.sh /tmp/properties.sh
      
    2. Make appropriate changes to the backup version of properties.sh file as required.
    3. Set the _jce_zip_file property to the full path of the JCE policy zip file. You download the UnlimitedJCEPolicyJDK7.zip file from the Oracle web site.
    4. Modify the property "JAVA64_KIT" to use "jdk-7u40-linux-x64.tar.gz" instead of "jdk-6u45-linux-x64.bin" as shown here:

      JAVA64_KIT=/JDK-installation-directory/jdk-7u40-linux-x64.tar.gz; export JAVA64_KIT

    5. If you are using JBOSS 5.1.2 EAP, download JBPAPP-8693.zip from the JBoss site. Enter the location of the ZIP file followed by an export command. For example:

      JBOSS_EAP_PATCH="/root/JBPAPP-8693.zip"; export JBOSS_EAP_PATCH

    6. Rename the properties starting with _oracle_schema to begin with _db_schema and use values for your database user:
      _db_schema_user=<your db user>; export _db_schema_user
      _db_schema_password=<your db user password>; export _db_schema_password
      
    7. Add these properties at the bottom of the file:
      _oracle_schema_user=$_db_schema_user; export _oracle_schema_user
      _oracle_schema_password=$_db_schema_password ; export _oracle_schema_password
      
  7. Run the upgrade:
    cd /opt/CA/saas/repo/application/
    ./appliance_local.sh config
    
  8. Reimport the directory and environment XML files that you backed up.
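
Steps 6.6 and 6.7 applied by script, as an added example that is not part of the product documentation: it renames the _oracle_schema prefix, appends the two alias lines, and gives the same result if it is run a second time. The function name, the sample values and the one-assignment-per-line layout are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes one "name=value; export name"
# assignment per line, the form used by the lines shown on this page.

migrate_schema_props() {
    props="$1"
    [ -f "$props" ] || return 1
    # mktemp creates the scratch copy owner-only; the file holds a password.
    tmp="$(mktemp "${props}.XXXXXX")" || return 1
    # Drop alias lines left by an earlier run so they are not renamed too,
    # then rename the _oracle_schema prefix wherever it starts a name.
    grep -v -E '^_oracle_schema_(user|password)=\$_db_schema_' "$props" |
        sed -E 's/(^|[^A-Za-z0-9_])_oracle_schema_/\1_db_schema_/g' > "$tmp"
    # Step 6.7: the old names become aliases at the bottom of the file.
    cat >> "$tmp" <<'EOF'
_oracle_schema_user=$_db_schema_user; export _oracle_schema_user
_oracle_schema_password=$_db_schema_password; export _oracle_schema_password
EOF
    # Overwrite in place so the original owner and mode are kept.
    cat "$tmp" > "$props" && rm -f "$tmp"
}

# Constructed sample standing in for a backup copy of properties.sh.
demo_dir="$(mktemp -d)"
cat > "$demo_dir/properties.sh" <<'EOF'
_oracle_schema_user=imuser; export _oracle_schema_user
_oracle_schema_password=example-only; export _oracle_schema_password
EOF
migrate_schema_props "$demo_dir/properties.sh"
migrate_schema_props "$demo_dir/properties.sh"   # second run changes nothing
cat "$demo_dir/properties.sh"
rm -rf "$demo_dir"
```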

Verify the upgrade:

  1. Verify services are running:
    ps -ef |grep java
    

    JBoss and the DxAgentService should be running.

  2. Verify DSA routers are running:
    su - dsa
    dxserver status
    

    You should see XXX-cam-tenant-router started.

  3. For each Identity Management server running JBOSS EAP, perform these steps:
    1. Navigate to this directory:
      /opt/boss-eap-5.1.2/jboss-as/server/all/conf/props/
      
    2. Edit this file to uncomment the "#admin=admin" line.
      jmx-console-users.properties
      
  4. Restart each Identity Management server using JBoss EAP. Execute these commands:
    service im stop
    service im start  
    
  5. Restart Tomcat on the Policy Server that you upgraded as follows:
    /opt/CA/AdvancedAuth/Tomcat/bin/shutdown.sh
    /opt/CA/AdvancedAuth/Tomcat/bin/startup.sh
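
Step 3 activates the admin entry in jmx-console-users.properties. The following added example (not part of the product documentation) lists every active entry in such a file and marks those whose password equals the user name, so the entry shows up in a post-upgrade review. The function names and the sample file content are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Reads a Java properties file of
# user=password lines; lines starting with # or ! are comments.

audit_jmx_users() {
    awk '
        /^[ \t]*([#!]|$)/ { next }            # commented out or blank
        {
            i = index($0, "=")
            if (i == 0) next
            user = substr($0, 1, i - 1)
            pass = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", user)
            gsub(/^[ \t]+|[ \t]+$/, "", pass)
            state = (pass == user) ? "password-equals-name" : "ok"
            printf "%s\t%s\n", user, state
        }' "$1"
}

# Number of active entries whose password is the same as the user name.
count_name_passwords() {
    audit_jmx_users "$1" | grep -c 'password-equals-name$'
}

# Constructed sample: the file after the "#admin=admin" line is uncommented.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
# constructed sample
admin=admin
#monitor=monitor
EOF
audit_jmx_users "$sample"
rm -f "$sample"
```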
    

Upgrade Tenant Backup Files

The system has a file named upgradeBackupList.sh. This file contains an array of file names that are backed up before the upgrade and restored after the upgrade. If you have additional files that you want to preserve, you can add or remove file names from this list as necessary.

Follow these steps:

  1. Find the variable named BACKUP_LIST, line 391. It is an array enclosed in parentheses.
  2. Insert each file name in its own set of quotes, separated by spaces, inside the parentheses.

Set the Connection Type as Your JDBC Connection

Perform this procedure if SSO reports were enabled before the upgrade. After the upgrade, the Identity Management server SSO Reporting tasks are missing the JDBC connection information. To correct this, set the connection type as your JDBC connection.

The following tasks are SSO reports that you have to modify:

Follow these steps:

  1. Log in to the User Console as the CSP administrator.
  2. Select Roles and Tasks, Admin Roles, Modify Admin Task.
  3. Search for the tasks listed above.
  4. Select the Search tab, and then click Browse to locate the search screen for each task. By default, the search screen is selected in the list.
  5. Edit the search screen for the report task: choose your JDBC connection under Connection Object for the Report.
  6. Click Submit.