Identity Reporting includes two drivers. Perform the upgrade in the following order:
NOTE:Ensure that your database is upgraded to a supported version.
Upgrade your database to a supported version. For information on upgrading PostgreSQL database, see Upgrading PostgreSQL.
Upgrade Sentinel Log Management for IGA. For more information, see Upgrading Sentinel Log Management for IGA.
Upgrade Identity Reporting. For more information, see Upgrading Identity Reporting.
Configure the Managed System Gateway driver. For more information, see Configuring the Managed System Gateway Driver.
Configure Data Collection. For more information, see Configuring Settings and Data Collection in the Administrator Guide to NetIQ Identity Reporting.
During upgrade, ensure that you specify the correct location for the postgresql-9.4.1212.jar file. The default location is /opt/netiq/idm/postgres/. The database connection will fail in the following scenarios:
if you provide the incorrect path
if you provide the incorrect jar file
if the firewall is enabled
if the database does not accept connections from remote machines
Download the SentinelLogManagementForIGA8.2.2.0.tar.gz from the NetIQ downloads Website.
Navigate to a directory where you want to extract the file.
Run the following command to extract the file.
tar -zxvf SentinelLogManagementForIGA8.2.2.0.tar.gz
Navigate to the SentinelLogManagementforIGA directory.
To install SLM for IGA, run the following command:
./install.sh
Specify the language that you want to use for installation, then press Enter.
Enter y to accept the license agreement and complete the upgrade.
NOTE:After SLM for IGA is upgraded, manually import the latest collectors.
Navigate to the directory where you have extracted the SentinelLogManagementForIGA8.2.2.0.tar.gz file.
Navigate to the /content/ directory.
Import and configure the collectors. For more information, see Installing and Configuring the Sentinel Collectors in NetIQ Identity Manager - Configuring Auditing in Identity Manager.
Download the Identity_Manager_4.8_Linux.iso from the NetIQ Downloads website.
Mount the downloaded .iso.
Run the following command:
./install.sh
Read through the license agreement.
Enter y to accept the license agreement.
Specify whether you want upgrade the Identity Manager components. The available options are y and n.
Select Identity Reporting to proceed with the upgrade.
Specify the following details:
OSP Installed: Specify if OSP is installed.
OSP Install Folder: Specify the backup installation folder for OSP.
Reporting Installation Folder for backup: Specify the Reporting Installation folder.
Create schema for Identity Reporting: Specify whether you want to create the schema for your database now or later. The available options are Now, Startup, and File.
Identity Reporting Database JDBC jar file: Specify the database JAR file for Identity Reporting. The default location of the existing database jar file is /opt/netiq/idm/apps/postgres/postgresql-9.4.1212.jar.
Identity Reporting Database user: Specify the name of the Reporting database user.
Identity Reporting Database account password: Specify the Reporting database password.
NOTE:After upgrading Identity Manager to 4.8,
Data synchronization policy will not be visible in IDMDCS UI. If you are planning to create a new policy, you must remove the existing data synchronization policy in Sentinel server and create a new data synchronization policy using IDMDCS UI after configuring Identity Reporting.
The com.netiq.rpt.ssl-keystore.type property in ism-configuration.properties file will retain the value (JKS/PKCS12) that was set prior to upgrade.
In a distributed setup, after upgrading Identity Applications and Identity Reporting from 4.7.x to 4.8, perform the following steps:
Run the following command to import the OSP certificate from the idm.jks file of the Identity Applications and place it in a new Java Keystore file:
/opt/netiq/common/jre/bin/keytool -importkeystore -srckeystore /opt/netiq/idm/apps/tomcat/conf/idm.jks -srcstorepass novell-destkeystore ./idm.jks -deststorepass novell -srcalias "cn=<user-name>, o=<organization-name>" -destalias "cn=<user-name>" -noprompt
For example:
/opt/netiq/common/jre/bin/keytool -importkeystore -srckeystore /opt/netiq/idm/apps/tomcat/conf/idm.jks -srcstorepass novell-destkeystore ./idm.jks -deststorepass novell -srcalias "cn=sean, o=novell" -destalias "cn=sean" -noprompt
Replace the existing Java Keystore file in the Identity Reporting server with this newly created keystore file and restart the Identity Reporting server.
During upgrade, if you have selected Database Schema creation as Startup or File, ensure you do the following:
Log in to Identity Reporting.
Delete the existing datasource and report definitions from the Identity Reporting repository.
Add the new Identity Manager Data Collection Services datasource.
After upgrading Identity Reporting to 4.8, navigate to the ism-configuration.properties file located at /opt/netiq/idm/apps/tomcat/conf/ directory and perform the following actions:
Change the value of the com.netiq.rpt.landing.url property as follows:
com.netiq.rpt.landing.url = ${com.netiq.idm.osp.url.host}/idmdash/#/landing
Change the value of the com.netiq.idmdcs.landing.url property as follows:
com.netiq.idmdcs.landing.url = ${com.netiq.idm.osp.url.host}/idmdash/#/landing
Specify the value for the com.netiq.rpt.redirect.url property in the following format: https:<hostname>:<port>/path
For example, com.netiq.rpt.redirect.url = https://192.168.0.1:8543/IDMRPT/oauth.html
After making the required changes, save the file and restart Tomcat.
If your database is configured over SSL, replace ssl=true with sslmode=require in the server.xml file from PATH located at /opt/netiq/idm/apps/tomcat/conf/.
For example, change
jdbc:postgresql://<postgres db>:5432/idmrptdb?ssl=true
to
jdbc:postgresql://<postgres db>:5432/idmrptdb?sslmode=require
Launch Identity Reporting.
Verify that old and new reports are being displayed in the tool.
Look at the Calendar to see whether your scheduled reports appear.
Ensure that the Settings page displays your previous settings for managed and unmanaged applications.
Verify that all other settings look correct.
Verify whether the application lists your completed reports.