Automatic version control is integrated into One Identity Manager, ensuring that One Identity Manager components are always consistent with each other and with the database. If program extensions that change the structure are implemented - for example, table extensions - the database needs to be updated.
You need to update the database if hotfixes and service packs are available for the version of One Identity Manager you are currently running or for complete version updates. In addition, customer-specific changes must be transferred from a development database into the test database and into the production system database.
IMPORTANT: Test changes in a test system before you load a transport package into a live system.
You can customize the One Identity Manager schema by loading so-called transport packages. One Identity Manager recognizes the following types of transport packages that can be copied to the database depending on requirements.
Table 21: Transport package
Migration package |
Migration packages are provided by for the initial database schema installation, for service pack and complete version updates. A migration package contains all the necessary tables, data types, database procedures, and the default One Identity Manager configuration. |
Configuration Wizard |
Hotfix package |
Hotfix packages are provided to load individual corrections to the default configuration such as templates, scripts, processes, or files into the database.
NOTE: If a hotfix package only contains changed files, load these files into the database using the Software Loader file. |
Database Transporter
Software Loader |
Custom configuration package |
A custom configuration package is used to exchange customer specific changes between the development, test, and productive system database. This transport package is created by the customer and loaded into the database. |
Database Transporter |
NOTE: If, in additional to a hotfix package, there are additional customized configuration settings to be installed in a One Identity Manager database, create a custom configuration package and use the Database Transporter to import it into the target database. There is no support for merging a hotfix package with a custom configuration package into one transport package.
Related topics
IMPORTANT: Test your changes in a test system before you load a migration package in a productive system. Use a copy of the production database for testing.
NOTE: Always start the Configuration Wizard on an administrative workstation!
To update a database
-
Start the Configuration Wizard.
-
On the Configuration Wizard home page, select the Update database option and click Next.
-
On the Select database page, select the database and installation directory.
-
Select the database connection in the Select a database connection pane. Select a user who at least has administrative permissions for the One Identity Manager database.
-
In the Installation source pane, select the directory with the installation files.
-
Configuration modules and version information are shown on the Product description page.
-
Select the module you want to update.
-
Confirm that you have an up-to-date backup of database.
-
Confirm that the database consistency checks were run.
-
Set Add other modules to select other modules.
-
On the Select configuration modules page, select the additional modules and confirm the security prompt.
NOTE: This page is only shown if you set Add more modules.
If you add more modules, your custom administrative users obtain the permissions for this module.
-
On the Select agent for processing page, specify which agent processes the internal database tasks.
-
Database Agent Service: Internal tasks are processed by the Database Agent Service. Ensure that the Database Agent Service is installed and configured. The Database Agent Service is deployed through the One Identity Manager Service plugin.
IMPORTANT: This is an EXPERIMENTAL function. The performance impact on production systems has not been determined. Therefore this feature is not yet covered by support. However, you are welcome to try it (preferably in non-production systems) and if you have any feedback, send it to OneIM.Beta@oneidentity.com.
-
SQL Server Agent: The internal tasks are processed by the SQL Server agent. This creates the required database schedules. Ensure that the SQL Server agent is started.
-
On the Database check page, errors are displayed that prevent the database from being processed. Correct the errors before you continue updating.
-
On the Initiating the update page, you will go through the different phases in preparation for database update.
NOTE: This page is only displayed when updating a database that has at least One Identity Manager version 8.2.
This step-by-step preparation is intended to ensure that users are informed about the upcoming update and that processes can be shut down in a targeted manner.
Alternatively, you can start the database update immediately. This skips the preparation phases.
-
Other users with existing connections to the database are displayed on the Active sessions page.
-
On the Create a new login for administrators page, decide which SQL server login to use for administrative users.
NOTE: This page is only shown when updating a One Identity Manager database from version 8.0.x to version 8.2.1.
If you want to switch to granular permissions when you update from version 8.1.x at a later date, contact support. To access the Support Portal, go to https://support.oneidentity.com/identity-manager/.
You have the following options:
-
Create new SQL Server logins for the database: Select this option if you want to work with granular permissions.
This sets up a new administrative login on the SQL Server.
Later on in the process, the Configuration Wizard sets up additional SQL Server logins for the configuration user and the end user.
-
Use the current SQL Server login for the database: If you select this option, no other SQL server logins are created for the database. In this case, you cannot work with granular permissions concepts at SQL level.
The user you specified is used to connect to the database.
-
On the System administrator connection page, enter the login credentials for the database login with system administrator permissions.
NOTE: This page is only shown if you are working with granular permissions and you have to make changes to the administration user's permissions.
-
The installation steps are shown on the Processing database page. Installation and configuration of the database are automatically carried out by the .
TIP: Set Advanced to obtain detailed information about processing steps and the migration log.
-
During the update process, you must log in as an administrative user.
-
Enter a user name and password for the administrative system user.
-
Click Connect.
-
Once processing is complete, click Next.
-
On the Create SQL server logins page, enter the login name, the password, and password confirmation for the SQL Server logins for configuration users and end users.
NOTE: The password must meet the Windows policy requirements for passwords.
NOTE: This page is only shown when upgrading a One Identity Manager database from version 8.0 to version 8.2.1 if you have opted for granular permissions on the Create a new login for administrators page.
-
On the System Information page, configure administrative system users for the One Identity Manager. Enter a password and password confirmation.
NOTE: This page is only shown if the upgrade creates new administrative system users.
-
You can configure the vendor notification on the page, Configure vendor notification.
NOTE: This page is only shown of you have not yet enabled vendor notifications.
If vendor notification is enabled, One Identity Manager generates a list of system settings once a month and sends it to One Identity. This list does not contain any personal data. The list will be reviewed by our customer support team, who will look for material changes in a proactive effort to identify potential issues before they materialize on your system. The lists may be used by our R&D staff for analysis, diagnosis, and replication for testing purposes. We will keep and refer to this information for as long as your company remains on support for this product.
-
To use the function, set Enable vendor notification and enter your company's contact email address in Email address for contact.
The email address is used as the sender address for notifying vendors.
-
Set Disable vendor notification if you do not want to use this functionality.
-
On the last page of the Configuration Wizard, click Finish.
Related topics
The One Identity Manager database is updated automatically by the Configuration Wizard. This procedure may take some time depending on the amount of data and system performance.
The Configuration Wizard performs the following steps:
-
Prepare the update.
NOTE: This step is performed only when updating a database that has at least One Identity Manager version 8.2.
This runs through the various phases for preparing the database update. This step-by-step preparation is intended to ensure that users are informed about the upcoming update and that processes can be terminated in a targeted manner. Alternatively, you can start the database update immediately. This skips the preparation phases.
These are the phases:
-
Normal operation mode: The database is in normal operating mode. The update process has not yet been initiated.
-
Updating information: All database users are informed about the upcoming update. The system does accept anymore processes. The preparation phase is displayed in the program's status bar.
-
Preparing update: New users cannot log in to the database anymore. All running processes will still be completed. If this is taking a long time, check the Job queue and the DB queue for processes. The preparation phase is displayed in the program's status bar.
-
Running update: The database is ready for updating. The update can start. The preparation phase is displayed in the program's status bar.
-
Updating the One Identity Manager schema.
Before the schema update, the Configuration Wizard checks the database. Error messages are displayed in a separate window. The errors must be corrected manually. The schema update cannot be started until these are resolved.
All the tables, data types, and database procedures that are required are loaded into the database by the schema update. When a migration package is imported into a One Identity Manager database, the following operations are carried out:
Table 22: Operations on importing a migration package
Paste |
If the object is not found in the target database, a new object is created with the key values. |
Refresh |
If the object is found in the target database, the object is updated. |
Delete |
Objects that are no longer needed are deleted. |
During a schema update, calculation tasks are queued in the database. These are processed by the DBQueue Processor.
During a schema update with the Configuration Wizard, the migration date and the migration status are recorded in the transport history of the database.
-
Compiling the system.
Scripts, templates, and processes are declared in the database. The System user authentication module with the specified system user is used for compilation.
-
Uploading files for automatic software update.
In order to distribute One Identity Manager files using the automatic software updating mechanism, the files are loaded into the One Identity Manager database.
-
Migrating synchronization projects.
A process that migrates all existing synchronization project is queued in the Job queue. This updates the One Identity Manager schema and applies automatic patches.
-
Finalizing the update.
Processes queued by the schema update are in the final stage of processing. Finally, the database is switched back to normal operating mode.
Related topics