IMPORTANT:If the base operating system is RHEL 7.6, you must first upgrade to Access Manager 4.5, then upgrade to RHEL 7.9.
If you have downloaded the evaluation version and want to keep your configuration after purchasing the product, you need to upgrade each of your components with the purchased version. The upgrade to the purchased version automatically changes your installation to a licensed version.
After you have purchased the product, log in to the NetIQ Customer Center and follow the link that allows you to download the product. Then use the following sections for instructions on upgrading the components:
If Identity Server is installed on the same machine as Administration Console, Identity Server is automatically upgraded with Administration Console.
Perform the following steps to upgrade the evaluation version to the purchased version:
Open a terminal window.
Log in as the root user.
Download the upgrade file from Customer Center and extract the tar.gz file using the following command: tar -xzvf <filename>.
NOTE:For information about the name of the upgrade file, see the specific Release Notes on the Access Manager Documentation Website.
Change to the directory where you unpacked the file, then enter the following command in a terminal window:
./upgrade.sh
The system displays the confirmation message along with the list of installed components. For example, if Administration Console and Identity Server are installed on the same machine, the following message is displayed:
The following components were installed on this machine 1. Access Manager Administration Console 2. Identity Server Do you want to upgrade the above components (y/n)?
Type Y and press Enter.
Type Y to continue with the upgrade, then press Enter.
Enter the Access Manager Administration Console user ID.
Enter the Access Manager Administration Console password.
Re-enter the password for verification.
The system displays the following message when the upgrade is complete:
Upgrade completed successfully.
The upgrade logs are located in the /tmp/novell_access_manager/ directory. The logs have time stamping.
If you encounter an error, see Troubleshooting Linux Administration Console Upgrade.
Access Manager by default supports Tomcat 8.5.32 and OpenSSL 1.0.2r. Due to this, Identity Server and Access Gateway disable requests from clients that are on versions lower than TLS1. However, Access Gateway can continue communication with web servers that are on versions lower than TLS1.
If Identity Server is installed on the same machine as Administration Console, Identity Server is automatically upgraded with Administration Console. If you are upgrading this configuration and you have custom JSP pages, you can backup these files or allow the upgrade program to back them up for you.
Perform the following steps to upgrade Administration Console:
NOTE:To prevent security vulnerability, Access Manager uses the jQuery version that is higher than the version used in the earlier release of Access Manager. The higher version of jQuery is not compatible with the Skype for Business 2016 application. Hence, after the upgrade, you cannot log in to Skype for Business 2016 using the Identity Server login page.
If you want to continue using an old version of jQuery, which is less secure, see Single Sign-on Fails in Skype for Business 2016
in the Access Manager 4.5 Administration Guide.
Back up any customized JSP pages and related files.
Even though the upgrade program backs up the JSP directory and its related files in the /root/nambkup folder, it is a good practice to backup these files.
/var/opt/novell/tomcat/webapps/nidp/jsp
Open a terminal window.
Log in as the root user.
Download the upgrade file from Customer Center and extract the tar.gz file using the following command: tar -xzvf <filename>.
NOTE:For information about the name of the upgrade file, see the specific Release Notes on the Access Manager Documentation website.
Change to the directory where you unpacked the file, then enter the following command in a terminal window:
./upgrade.sh
The system displays the confirmation message along with the list of installed components. For example, if Administration Console and Identity Server are installed on the same machine, the following message is displayed:
The following components were installed on this machine 1. Access Manager Administration Console 2. Identity Server Do you want to upgrade the above components (y/n)?
Type Y and press Enter.
The system displays a warning message because the latest version of Access Manager uses stronger TLS protocols, ciphers, and other security settings.
If you are using a BTRFS filesystem, the system displays a warning message that the BTRFS filesystem might cause performance issues with the eDirectory database. It is recommended to change the filesystem from BTRFS to any other available filesystem.
For information about moving the existing database from BTRFS filesystem to any other available filesystem, see TID 7022755.
Type Y to continue with the upgrade, then press Enter.
If you do not want to include the security configurations, then type n. This stops the upgrade.
Enter the Access Manager Administration Console user ID.
Enter the Access Manager Administration Console password.
Re-enter the password for verification.
The system displays the following confirmation message:
Do you want to back up the configuration before the upgrade (y/n)?
Type Y and press Enter.
The system displays the following message when the upgrade is complete:
Upgrade completed successfully.
NOTE:If the configuration backup fails, the system displays the following message:
The configuration backup failed. Do you want to continue the upgrade without a backup (y/n)?
You can complete the upgrade by typing Y. However, the configuration will not have a backup.
(Optional) To view the upgrade files:
To view the upgrade log files, see the files in the /tmp/novell_access_manager directory.
If you selected to back up your configuration and used the default directory, see the zip file in the /root/nambkup directory. The log file for this backup is located in the /var/log directory.
If Identity Server is installed on the same machine, the JSP directory was backed up to the /root/nambkup directory. The file is prefixed with nidp_jps and contains the date and time of the backup.
NOTE:If you have customized the Java settings in the /opt/novell/nam/idp/conf/tomcat.conf file, then after the upgrade, you must copy the customized setting to the new file.
If you encounter an error, see Section 17.3, Troubleshooting Linux Administration Console Upgrade.