11.2 Upgrading the Identity Manager Engine Components

Ensure that you upgrade Identity Vault before upgrading the Identity Manager engine. The Identity Manager engine upgrade process updates the driver shim files that are stored in the file system on the host computer.

11.2.1 Upgrading the Identity Vault

  1. Download the Identity_Manager_4.8_Windows.iso as instructed in Where to Get Identity Manager in the NetIQ Identity Manager Overview and Planning Guide.

  2. Mount the downloaded.iso.

  3. Navigate to the <iso mounted location>\IdentityManagerServer\products\eDirectory\x64 directory.

  4. Run the eDirectory_920_Windows_x86_x64.exe file.

  5. In the Basic tab, specify the following details:

    • If you select New Tree, specify the following details:

      • Tree Name: Specify a tree name for Identity Vault.

      • Server FDN: Specify a server FDN.

        NOTE:Though Identity Vault allows you to set the NCP server object's FDN up to 256 characters, NetIQ recommends that you restrict the variable to a much lesser value because Identity Vault creates other objects of greater length based on the length of this object.

      • Tree Admin: Specify an administrator name for Identity Vault.

      • Admin Password: Specify the administrator password.

    • If you select Existing Tree, specify the following details:

      • IP Address: Specify the IP address of the of the existing tree for Identity Vault.

      • Port Number: Specify the port number for the existing tree. The default value is 524.

      • Server FDN: Specify a server FDN.

      • Tree Admin: Specify the existing administrator name for Identity Vault.

      • Admin Password: Specify the administrator password.

  6. (Conditional) In the Advanced tab, specify the following details:

    • To use IPv6 addresses on the Identity Vault server, select Enable IPv6.

      NOTE:NetIQ recommends that you enable this option. To enable IPv6 addressing after installation, you must run the setup program again.

    • To enable Enhanced Background Authentication (EBA), select Enable EBA.

    • Specify the HTTP clear text and secure ports. The default values are 8028 and 8030 respectively.

    • Specify the LDAP clear text and secure ports. The default values are 389 and 636 respectively.

  7. In the Install Location field, specify the location where Identity Vault is installed.

  8. In the DIB Location field, specify the location where the DIB files are located.

  9. Click Upgrade and proceed with the upgrade process.

11.2.2 Upgrading the Identity Manager Engine

Verify that the drivers are stopped. For more information, see Stopping the Drivers.

Perform the following steps to upgrade the Identity Manager Engine:

  1. Download the Identity_Manager_4.8_Windows.iso from the NetIQ Downloads website.

  2. Mount the downloaded .iso.

  3. Navigate to the <ISO installed location>\IdentityManagerServer folder and run the install.exe.

  4. Select the language that you want to use for the installation and click OK.

  5. In the Introduction page, click Next.

  6. Read and accept the license agreement and then click Next.

    The installed components and their versions are displayed.

  7. Select Identity Manager Engine and click Next.

  8. Specify the configuration settings for Identity Manager Engine. For more information, see Configuration Worksheet for Identity Manager Engine.

  9. In the pre-upgrade summary page, review the settings and click Upgrade.

Working with MapDB 3.0.5

The addition to Identity Manager Engine, MapDB is used by the following Identity Manager drivers:

  • Data Collection Services

  • JDBC

  • LDAP

  • Managed System Gateway

  • Office 365 and Azure Active Directory

  • Salesforce

If you are using any of these drivers, you must review the following sections before upgrading the driver:

Understanding Identity Manager 4.8 Engine Support for Driver Versions

Review the following considerations before upgrading an Identity Manager driver that uses MapDB:

  • Drivers shipped with Identity Manager 4.8 are compatible with Identity Manager 4.8 Engine or Remote Loader. You must follow the driver upgrade steps from the specific driver implementation guide.

  • Drivers shipped before Identity Manager 4.8 are not compatible with Identity Manager 4.8 Engine or Remote Loader.

  • Drivers shipped with Identity Manager 4.8 are not backward compatible with Identity Manager 4.7.x Engine or Remote Loader.

  • Drivers shipped with Identity Manager 4.8 are not backward compatible with Identity Manager 4.6.x Engine or Remote Loader.

Manually Removing the MapDB Cache Files

The Identity Manager Engine upgrade process leaves some of the existing MapDB cache files (dx*) in the Identity Vault’s DIB directory. You must manually remove these files for your driver after upgrading the driver. This action ensures that your driver works correctly with Identity Manager 4.8 engine.

The following table lists the MapDB cache files that must be removed:

Identity Manager Driver

MapDB State Cache File To Remove

Data Collection Services

DCSDriver_<driver instance guid>-*

<driver instance guid>-*

JDBC

jdbc_<driver instance guid>_*

LDAP

ldap_<driver instance guid>*

Managed System Gateway

MSGW-<driver-instance-guid>.*

Office 365 and Azure Active Directory

<Azure driver name>_obj.db.*

Salesforce

<Salesforce driver name>.*

<Salesforce driver name>

where * represents the name of the MapDB state cache file. In case of a Salesforce driver, the MapDB state cache files are also represented by the driver name. Below are some examples of these files.

  • DCSDriver_<driver instance guid>-0.t, <driver instance guid>-1.p

  • jdbc_<driver instance guid>_0.t, jdbc_<driver instance guid>_1

  • ldap_<driver instance guid>b, ldap_<driver instance guid>b.p

  • MSGW-<driver instance guid>.p, MSGW-<driver instance guid>.t

  • <Azure driver name>_obj.db.t, <Azure driver name>_obj.db.p

  • <Salesforce driver name>.p, <Salesforce driver name>.t, Salesforce driver1

11.2.3 Upgrading the Remote Loader

If you are running the Remote Loader, you need to upgrade the Remote Loader files.

NOTE:Before upgrading .NET Remote Loader, ensure that you have successfully installed all the Windows updates on your system.

  1. Create a backup of the Remote Loader configuration files. The default location of the files is C:\...\RemoteLoader\remoteloadername-config.txt.

  2. Verify that the drivers are stopped. For instructions, see Stopping, Starting, or Restarting a Driver in Designer in the NetIQ Identity Manager Driver Administration Guide.

  3. Stop the Remote Loader service or daemon for each driver.

    In the Remote Loader Console, select the Remote Loader instance, then click Stop.

  4. Stop the lcache process using Windows Task Manager.

  5. Download the Identity_Manager_4.8_Windows.iso from the NetIQ Downloads website.

  6. Mount the downloaded .iso.

  7. Navigate to the <ISO installed location>\IdentityManagerServer folder and run the install.exe.

  8. Select the language that you want to use for the installation and click OK.

  9. In the Introduction page, click Next.

  10. Read and accept the license agreement and then click Next.

    The installed components and their versions are displayed.

  11. Select Remote Loader Service and click Next.

  12. In the pre-upgrade summary page, click Upgrade.

  13. After the upgrade is complete, verify that your configuration files contain your environment’s information.

  14. (Conditional) If there is a problem with the configuration file, copy the backup file that you created in step 1. Otherwise, continue with the next step.

  15. Start the Remote Loader service or daemon for each driver.

IMPORTANT:If your driver uses MapDB, manually remove the existing MapDB state cache files for the driver after upgrading the driver. This is required because Identity Manager engine upgrade process does not remove all of these files from the Identity Vault’s DIB directory. For more information, see Working with MapDB 3.0.5.

11.2.4 Upgrading the Java Remote Loader

  1. Create a backup of the Remote Loader configuration files. The default location of the files is C:\...\RemoteLoader\remoteloadername-config.txt.

  2. Verify that the drivers are stopped. For instructions, see Stopping, Starting, or Restarting a Driver in Designer in the NetIQ Identity Manager Driver Administration Guide.

  3. Stop the Remote Loader service or daemon for each driver.

    In the Remote Loader Console, select the Remote Loader instance, then click Stop.

  4. Stop the lcache process using Windows Task Manager.

  5. Download the Identity_Manager_4.8_Windows.iso from the NetIQ Downloads website.

  6. Mount the downloaded .iso.

  7. Navigate to the <ISO installed location>\IdentityManagerServer\products\IDM\java_remoteloader folder.

  8. Copy and replace the dirxml_jremote_dev.tar.gz file in your existing Java Remote Loader installed directory.

  9. Based on the file present in your existing setup, copy and replace one of the following files in your existing Java Remote Loader installed directory:

    • dirxml_jremote.tar.gz

    • dirxml_jremote_mvs.tar

  10. Extract the files that you have copied in step 8 and step 9.

    Use the 7-zip or supported software to unzip the .tar.gz file.

  11. (Conditional) If there is a problem with the configuration file, copy the backup file that you created in step 1. Otherwise, continue with the next step.

    NOTE:Use the version.txt file to ensure that you have the latest version of Java Remote Loader.

  12. Start the Remote Loader service or daemon for each driver.

11.2.5 Upgrading iManager

The upgrade process for iManager uses the existing configuration values in the configiman.properties file, such as port values and authorized users. Before upgrading iManager to the 3.2 version, NetIQ recommends that you:

  • Upgrade eDirectory to the 9.2 version.

  • Back up the server.xml and context.xml configuration files.

The upgrade process includes the following activities:

Upgrading iManager

Before upgrading iManager, ensure that the computer meets the prerequisites and system requirements.

NOTE:The upgrade process uses the HTTP port and SSL port values that were configured in the previous version of iManager.

  1. Download the Identity_Manager_4.8_Windows.iso from the NetIQ Downloads website.

  2. Mount the downloaded .iso.

  3. Navigate to the <ISO installed location>\IdentityManagerServer folder and run the install.exe.

  4. Select the language that you want to use for the installation and click OK.

  5. In the Introduction page, click Next.

  6. Read and accept the license agreement and then click Next.

    The installed components and their versions are displayed.

  7. Select iManager Web Administration and click Next.

  8. Specify the settings for iManager. For more information, see Configuration Worksheet for Identity Manager Engine.

  9. In the pre-upgrade summary page, review the settings and click Upgrade.

Updating Role-Based Services

NetIQ recommends that you update your RBS modules to the latest version so that you can see and use all of the available functionality in iManager.

NOTE:

  • When updating or re-installing iManager, the installation program does not update existing plug-ins. To update plug-ins manually, launch iManager and navigate to Configure > Plug-in Installation > Available Novell Plug-in Modules.

  • Different installations of iManager might have a different number of plug-ins locally installed. As a result, you might see discrepancies in the module report for any given collection from the Role Based Services > RBS Configuration page. For the numbers to match between iManager installations, ensure that you install the same subset of plug-ins on each iManager instance in the tree.

To check for and update outdated RBS objects:

  1. Log in to iManager.

  2. In the Configure view, select Role Based Services > RBS Configuration.

    Review the table in the 2.x Collections tabbed page for any out-of-date modules.

  3. To update a module, complete the following steps:

    1. For the Collection that you want to update, select the number in the Out-Of-Date column.

      iManager displays the list of outdated modules.

    2. Select the module you that want to update.

    3. Click Update at the top of the table.

Re-installing or Migrating Plug-ins for Plug-in Studio

You can migrate or replicate Plug-in Studio plug-ins to another iManager instance, as well as to a new or updated version of iManager.

  1. Log in to iManager.

  2. In the iManager Configure view, select Role Based Services > Plug-in Studio.

    The Content frame displays the Installed Custom Plug-ins list, including the location of the RBS collection to which the plug-ins belong.

  3. Select the plug-in that you want to re-install or migrate, then click Edit.

    NOTE:You can edit only one plug-in at a time.

  4. Click Install.

  5. Repeat these steps for every plug-in that you need to re-install or migrate.

Updating iManager Plug-ins after an Upgrade or Re-installation

When you upgrade or re-install your iManager, the installation process does not update the existing plug-ins. Ensure that the plug-ins match the correct iManager version.

NOTE:This is the only method for updating Identity Manager plug-ins from iManager on Open Enterprise Server 2018.

  1. Open iManager.

  2. Navigate to Configure > Plug-in Installation > Available Novell Plug-in Modules.

  3. Update the plug-ins.