8.4 Upgrading Procedure

Before starting the upgrade procedure, ensure that you review the considerations in Planning to Upgrade Identity Governance.

  1. (Optional) Run reports for any review run details you want to make available after the upgrade.

  2. Run the Identity Governance Configuration utility with the -es option to get a list of system settings for your current environment. Keep the list to compare to the list you generate after upgrading.

  3. Complete or stop all scheduled items, running reports, and running reviews before starting the upgrade process.

  4. Use the Data Purge utility to delete unwanted data before upgrading. For more information, see Identifying Purgeable Data in the NetIQ Identity Governance Administrator Guide.

  5. Stop Identity Governance (and Tomcat). For more information, see Stopping, Starting, and Restarting Tomcat.

  6. Back up and export (PostgreSQL only) your full Identity Governance data and confirm that you can restore it with no problems.

    Include the following databases:

    • igops

    • igdcs

    • igwf

    • igara

    • reporting (or your reporting database name)

    For more information, see Backup and Restore in the PostgreSQL Documentation.

  7. (Conditional) If you have an Oracle database, perform the following steps:

    1. Backup the igops schema.

    2. Run the following command to identify virtual columns: 

      select distinct c.table_name, e.extension_name 
    from sys.user_tab_cols c 
      inner join sys.user_stat_extensions e on e.table_name = c.table_name
    where c.virtual_column = 'YES' and e.droppable = 'YES';

    3. Run the following script, modified for your specific environment details, to drop extended statistics and so the virtual columns: 

      declare
  v_owner varchar2(255);
  v_table varchar2(255);
  v_extension varchar2(32000);
begin
  select SYS_CONTEXT('USERENV', 'SESSION_USER') into v_owner from DUAL;
  for rec in (
    select distinct c.table_name, dbms_lob.substr(e.extension, 32000, 1) as extension, 
    from sys.user_tab_cols c 
      inner join sys.user_stat_extensions e on e.table_name = c.table_name
    where c.virtual_column = 'YES' and e.droppable = 'YES'
  )
  loop
    v_table := rec.table_name;
    v_extension := rec.extension;
    execute immediate ’call dbms_stats.drop_extended_stats(:v_owner, :v_table, :v_extension)' using v_owner, v_table, v_extension;
  end loop;
end;

    For more information, see Tips and Tricks Invisible Columns in Oracle Database 12c.

  8. Move your generated reports (pdf and csv) from the Reporting home folder to a backup directory.

  9. Stop PostgreSQL.

  10. Uninstall Identity Governance and Identity Reporting. For more information, see Section 9.0, Uninstalling Identity Governance.

  11. Uninstall OSP and clean up any remaining files and folders. The default installation directory is:

    • Linux: /opt/netiq/idm/apps/osp

    • Windows: C:\netiq\idm\apps\osp

  12. Uninstall Tomcat and clean up any remaining files and folder.

  13. (Conditional) If using PostgreSQL, uninstall PostgreSQL. For more information, see PostgreSQL Installation Procedure in the PostgreSQL documentation. The uninstall information is at the end of the section.

  14. Ensure that your servers meet the minimum hardware and software requirements for this version of Identity Governance. For more information, see Section 1.9, Hardware and Software Requirements. Update any required components.

  15. (Conditional) If you are running on Windows, reboot the Windows server.

  16. (Conditional) Upgrade the database server if you are running Microsoft SQL Server or Oracle to the latest supported version by following the database platform instructions.

  17. (Conditional) Install the most recent version of Postgres. For more information, see Section 2.0, Installing Components Required for Identity Governance

  18. (Conditional) If using PostgreSQL, add the following users and role:

    • idm_rpt_cfg

    • igara

    • igarc

    • igdcs

    • igops

    • igrptuser

    • igwf

    • ig_rpt_role

  19. (Conditional) If you have exported the PostgreSQL data, import your data to the new database.

  20. Install Tomcat and any other required or optional components for Identity Governance. For more information, see Section 2.0, Installing Components Required for Identity Governance.

  21. Install the current version of OSP. For more information, see Section 3.0, Installing an Authentication Service.

  22. Install the current version of Identity Governance and Identity Reporting. For more information, see Section 4.0, Installing Identity Governance.

  23. (Conditional) Add the virtual columns back into the Oracle database. For more information, see Tips and Tricks Invisible Columns in Oracle Database 12c.

  24. Start Identity Governance (and Tomcat). For more information, see Stopping, Starting, and Restarting Tomcat.

  25. (Optional) If you want to install the current version of Identity Reporting at a time other than when you install Identity Governance, see Section 5.0, Installing Identity Reporting.

  26. After the installation completes, copy the generated pdf and csv report files to the location specified during the installation.

  27. (Conditional) Log in to Identity Governance to review any customized settings you have made to the UI. Because of changed or additional element IDs and the different navigation settings, customizations you made to your previous environment might not work as expected. Adjust your customizations as needed.

  28. Review changes to existing collectors and adjust mappings as necessary.

    Upgrading Identity Governance does not update data collectors. New data collection options added in the new release only appear if you create a new collector from the new template.

  29. (Conditional) If you are collecting identities from a source that supports change events, run the Identity Source Migration and Upgrade utility to convert your existing source to use change event processing. If you are already using a change event collector, you can also use the utility to upgrade the configuration. For more information, see Migrating an Identity Collector to a Change Event Identity Collector in the NetIQ Identity Governance Administrator Guide.

  30. Publish the collected data again to populate the business roles and other items. For more information, see Publishing the Collected Data in the NetIQ Identity Governance Administrator Guide.

  31. Activate schedules or create new schedules, if needed.

  32. To restore your Administration settings, complete the following steps:

    1. Log in to Identity Governance as a Global Administrator.

    2. Select Administration.

    3. Restore your values in the following Administration sections, as needed:

      • Risk Level Configuration

      • General Settings

      • Identity Manager System Connection Information

    4. Save your changes.

  33. Restore your values for Escalation timeout and Reminder notification in your review definitions.

  34. Run the Configuration utility to restore your values for Workflow Settings > Notification System. For more information, see Running the Identity Governance Configuration Utility.

  35. Run the Configuration utility with the -es option to get a list of system settings for your upgraded environment. Compare it to the list you generated before upgrading and restore any additional custom settings for your environment.