Prerequisite: Before upgrading Access Manager Appliance, perform the following actions:
If you are upgrading Access Manager, and want to use syslog for auditing, you must first upgrade the base operating system.
If you have customized the tomcat.conf file or the server.xml file, back up these files before upgrading. These files are overwritten during the upgrade process.
NOTE:Platform Agent and Novell Audit are no longer supported. Access Manager 4.2 onwards, the installation no longer installs Platform Agent and Novell Audit for auditing. If you upgrade from an older version of Access Manager to 4.4, Platform Agent is still available. It is recommended to use syslog for auditing. For more information about auditing, see Configuring Access Manager Appliance for Auditing in the NetIQ Access Manager Appliance 4.4 Administration Guide.
IMPORTANT:If you are using SQL database and you are upgrading to Access Manager 4.4, you must run a utility to re-factor the database. This is to ensure that Access Manager and its associated products use the same naming convention. For more information about this utility and how to run it, see Section B.0, Refactoring SQL Database.
Perform the following steps to upgrade Access Manager Appliance.
Log in as the root user.
Download the tar.gz file of Access Manager Appliance from dl.netiq.com and extract the tar.gz file using the following command:
tar -xzvf <filename>
NOTE:For information about the name of the file, see the specific Release Notes on the Access Manager Appliance Documentation website.
Change to the directory where you extracted the file, then run the following command:
./sb_upgrade.sh
IMPORTANT:httpd.conf file will be overwritten with a new file because Access Manager Appliance 4.4 upgrades Apache 2.2 to Apache 2.4 to support WebSocket. A backup of the existing httpd.conf file will be available at /root/nambkup.
This is not applicable if you are upgrading Access Manager Appliance 4.4 to a later version because Apache 2.4 is installed already.
Type Y to continue with the upgrade, then press Enter.
The system displays a warning message to back up the existing JSP files. It also displays an information message that Access Manager configuration uses various settings to ensure higher security.
Type Y to continue with the upgrade, then press Enter.
Enter the Access Manager Administration Console user ID.
Enter the Access Manager Administration Console password.
Re-enter the password for verification.
The system displays the following message when the upgrade is complete:
Upgrade completed successfully.
NOTE:
If you have customized the Java settings in the /opt/novell/nam/idp/conf/tomcat.conf file, then copy the customized setting to the new file after the upgrade.
If OAuth and OpenID Connect protocol is enabled, then after upgrading you must update Administration cluster to use the JSON Web Token (JWT token). For more information about JWT token, see Understanding How Access Manager Uses OAuth and OpenID Connect in the NetIQ Access Manager Appliance 4.4 Administration Guide.
NOTE:If you have enabled history for risk-based authentication in a prior version of Access Manager, you must upgrade the database for risk-based authentication after upgrading to 4.4. You can find the upgrade script here: /opt/novell/nids/lib/webapp/WEB-INF/RiskDBScripts.zip.
MySQL: Run netiq_risk_mysql_upgrade.sql
Oracle: Run netiq_risk_oracle_upgrade.sql
Microsoft SQL Server: Run netiq_risk_sql_server_upgrade.sql
NOTE:To use Syslog for auditing, you need to upgrade the base operating system. After the upgrade, install the Syslog RPMs manually. To install the RPMs, execute the following command: zypper in -t pattern NetIQ-Access-Manager.
After upgrading Access Manager, manually remove the portal related proxy service and protected resources.
In Administration Console, click Access Gateway > Cluster > Edit > NAM - RP.
Select the namportal path based service. Click Delete.
Click Protected Resources. Delete the following Protected Resources: portal and portal_public.
Click OK until Access Gateway Servers page appears. Click Update.