6.2 Upgrading Access Manager Appliance

Prerequisite: Before upgrading Access Manager Appliance, perform the following actions:

  1. Upgrade the base operating system to the latest version included in the 4.3 Access Manager Appliance ISO. For more information about how to upgrade, see Section 5.0, Upgrading the Operating System for Access Manager Appliance.

  2. If you are upgrading Access Manager and want to use syslog for auditing, you must first upgrade the base operating system.

  3. (Optional) On RHEL, ensure that the SELinux configuration allows communication with local TCP port 1290.

  4. If you have customized the tomcat.conf file or the server.xml file, back up these files before upgrading. These files are overwritten during the upgrade process.

NOTE: If you do not upgrade the base operating system before upgrading to 4.3, the upgrade displays a warning message but still allows you to upgrade to 4.3. If you are upgrading from an unsupported version, the upgrade displays an error and terminates.

NOTE: Platform Agent and Novell Audit are no longer supported. From Access Manager 4.2 onwards, the installation no longer installs Platform Agent and Novell Audit for auditing. If you upgrade from an older version of Access Manager to 4.3, Platform Agent is still available. It is recommended to use syslog for auditing. For more information about auditing, see Configuring Access Manager Appliance for Auditing in the NetIQ Access Manager Appliance 4.3 Administration Guide.

Perform the following steps to upgrade Access Manager Appliance.

  1. Log in as root.

  2. Download the tar.gz file of Access Manager Appliance from dl.netiq.com and extract the tar.gz file using the following command:

    tar -xzvf <filename>

    NOTE: For information about the name of the file, see the Access Manager Appliance 4.3 Release Notes on the Access Manager Documentation website.

  3. Change to the directory where you extracted the file, then run the following command:

    ./sb_upgrade.sh

  4. A confirmation message is displayed.

    Platform Agent is no longer supported for auditing. It is recommended to use Syslog instead. To use Syslog, ensure that you upgrade the base Operating System followed by Access Manager/Gateway Appliance upgrade. After upgrading, enable Syslog on the Auditing user interface of the Administration Console. Do you want to proceed? (Y/N)

    Type Y to continue.

  5. The system displays a message regarding restoring customized files:

    Before you restore your existing custom pages, ensure that you read and understand the changes in steps from the Installation and Upgrade guide available online.
    # It is recommended that you run XSS checks for restored JSP files as instructed in the Installation and Upgrade guide available online.

    Type Y to confirm.

    For more information about how to sanitize JSP pages, see Preventing Cross-site Scripting Attacks in the NetIQ Access Manager Appliance 4.3 Administration Guide.

  6. Type Y and press Enter.

    The system displays an information message to upgrade the base operating system and enable Syslog.

  7. Type Y to continue with the upgrade, then press Enter.

    The system displays a warning message to back up the existing JSP files.

  8. Type Y to continue with the upgrade, then press Enter.

  9. Enter the Access Manager Administration Console user ID.

  10. Enter the Access Manager Administration Console password.

  11. Re-enter the password for verification.

    The system displays the following message when the upgrade is complete:

    Upgrade completed successfully.

    NOTE: If you have customized the Java settings in the /opt/novell/nam/idp/conf/tomcat.conf file, then copy the customized setting to the new file after the upgrade.

    NOTE: If you have enabled history for risk-based authentication in a prior version of Access Manager, you must upgrade the database for risk-based authentication after upgrading to 4.3. You can find the upgrade script here: /opt/novell/nids/lib/webapp/WEB-INF/RiskDBScripts.zip.

    MySQL: Run netiq_risk_mysql_upgrade.sql

    Oracle: Run netiq_risk_oracle_upgrade.sql

    Microsoft SQL Server: Run netiq_risk_sql_server_upgrade.sql

    NOTE: To use Syslog for auditing, you need to upgrade the base operating system. After the upgrade, install the Syslog RPMs manually. To install the RPMs, execute the following command:

    zypper in -t pattern NetIQ-Access-Manager
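For the backup in prerequisite 4 and the note about copying customized Java settings into the new tomcat.conf, the following shell functions are an added example, not part of the NetIQ documentation or product. They back up files with a checksum manifest before the upgrade, then list which files the upgrade overwrote and which lines need to be re-applied. The function names and the backup directory /root/nam-preupgrade are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Run as root and pass absolute paths.
# Before step 3:  backup_configs /root/nam-preupgrade /opt/novell/nam/idp/conf/tomcat.conf <other files>
# After step 11:  overwritten_files /root/nam-preupgrade
#                 custom_lines /root/nam-preupgrade /opt/novell/nam/idp/conf/tomcat.conf
# /root/nam-preupgrade is a hypothetical backup directory.

# backup_configs DEST FILE... : copy each file under DEST and record its SHA-256.
backup_configs() {
    dest=$1; shift
    mkdir -p "$dest" || return 1
    chmod 700 "$dest"    # configuration files can hold secrets; keep them root-only
    : > "$dest/MANIFEST.sha256"
    for f in "$@"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
        mkdir -p "$dest$(dirname "$f")" || return 1
        cp -p "$f" "$dest$f" || return 1
        printf '%s  %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" "$f" \
            >> "$dest/MANIFEST.sha256"
    done
}

# overwritten_files DEST : print each backed-up path whose live copy has
# changed or disappeared since the backup was taken.
overwritten_files() {
    while read -r sum path; do
        if [ -f "$path" ]; then
            now=$(sha256sum "$path" | cut -d' ' -f1)
        else
            now=""
        fi
        [ "$now" = "$sum" ] || echo "$path"
    done < "$1/MANIFEST.sha256"
}

# custom_lines DEST FILE : print lines that exist in the backed-up copy of
# FILE but not in the current one, i.e. the settings to re-apply by hand.
custom_lines() {
    grep -Fxv -f "$2" "$1$2"
}
```

The same backup_configs call can take the customized JSP files that the upgrade script warns about in step 7.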

6.2.1 Removing Proxy Services And Protected Resources

After upgrading Access Manager, manually remove the portal-related and SSL VPN-related proxy services and protected resources.

Removing Portal Related Proxy Service And Protected Resources

  1. In the Administration Console, click Access Gateway > Cluster > Edit > NAM - RP.

  2. Select the namportal path based service. Click Delete.

  3. Click Protected Resources. Delete the following Protected Resources: portal and portal_public.

  4. Click OK until the Access Gateway Servers page appears. Click Update.

Removing SSLVPN Related Proxy Service And Protected Resources

  1. In the Administration Console, click Access Gateway > Cluster > Edit > NAM - RP.

  2. Select the sslvpn path based service. Click Delete.

  3. Click Protected Resources. Delete the following Protected Resources: sslvpn and sslvpn_public.

  4. Click OK until the Access Gateway Servers page appears. Click Update.