Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 9.1 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Designer Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

Updating the One Identity Manager database

Automatic version control is integrated into One Identity Manager, ensuring that One Identity Manager components are always consistent with each other and with the database. If program extensions that change the structure are implemented - for example, table extensions - the database needs to be updated.

You need to update the database if hotfixes and service packs are available for the version of One Identity Manager you are currently running or for complete version updates. In addition, customer-specific changes must be transferred from a development database into the test database and into the production system database.

IMPORTANT: Test changes in a test system before you load a transport package into a live system.

You can customize the One Identity Manager schema by loading so-called transport packages. One Identity Manager recognizes the following types of transport packages that can be copied to the database depending on requirements.

Table 21: Transport package
Transport package type Description Tool used

Migration package

Migration packages are provided by for the initial database schema installation, for service pack and complete version updates. A migration package contains all the necessary tables, data types, database procedures, and the default One Identity Manager configuration.

Configuration Wizard

Hotfix package

Hotfix packages are provided to load individual corrections to the default configuration such as templates, scripts, processes, or files into the database. Multiple hotfix packages are combined into one cumulative hotfix package.

NOTE: If a hotfix package only contains changed files, load these files into the database using the Software Loader file.

Database Transporter

Software Loader

Custom configuration package

A custom configuration package is used to exchange customer specific changes between the development, test, and productive system database. This transport package is created by the customer and loaded into the database.

Database Transporter

NOTE: If other configuration customizations are to be transferred to a One Identity Manager database in addition to a hotfix package, you can create a cumulative transport package to do this and, by using the Database Transporter, import the transport package into the target database.

Related topics

Advice on updating the One Identity Manager database

  • Test changes in a test system before you load a migration package in a production system. Use a copy of the production database for testing.

  • Before you update the One Identity Manager schema, ensure that the administrative system user, who is going to compile the database, has a password. Otherwise the schema update cannot be completed successfully.

  • Use the Configuration Wizard to update the One Identity Manager database if you have received a service pack or complete version update. The Configuration Wizard carries out the update of the schema and transfers the current status to the version history.

  • For One Identity Manager databases on SQL Servers, it is recommended, on performance grounds, that you set the database to the Simple recovery model for the duration of the schema update.

  • Start Configuration Wizard on an administrative workstation.

    Select a user who has at least administrative permissions for the One Identity Manager database to update the One Identity Manager schema with the Configuration Wizard.

    • Use the same user that you used to initially install the schema.

    • If you created an administrative user during schema installation, use that one.

    • If you selected a user with Windows authentication to install the schema, you must use the same one for updating.

    NOTE: If you want to switch to the granular permissions concept when you upgrade from version 8.0.x to version 9.1, you will also require an installation user in accordance with Users with granular permission for the One Identity Manager database on an SQL Server.

    After updating One Identity Manager, change the connection parameters. This affect the connection credentials for the database (DialogDatabase), for example, the One Identity Manager Service, the application server, administration tools and configuration tools, web applications and web services, and the connection credentials in synchronization projects.

    If you want to switch to granular permissions when you update from 8.1.x, contact support. To access the Support Portal, go to https://support.oneidentity.com/identity-manager/.

  • For the period of the update, the database is set to single user mode. Close all existing connections to the database before starting the schema update.

  • After the update has completed, the database switches automatically to multi-user mode. If this is not possible, you receive a message in which you can manually switch to multi-user mode.

  • You may experience problems activating single-user mode when using database mirroring.

  • During the update, calculation tasks are queued in the database. These are processed by the DBQueue Processor. Processing calculation tasks may take some time depending on the amount of data and system performance.

    This is particularly the case if you save large amounts of historical data in the One Identity Manager database, such as change data or data from process handling.

    Therefore, ensure that you have configured an appropriate procedure for archiving the data before you update the database. For more information about archiving data, see the One Identity Manager Data Archiving Administration Guide.

  • To ensure that HTML applications are successfully compiled, you must download packages from the NPM repository. Ensure that the workstation you are compiling on, can establish a connection to the registry.npmjs.org:443 website.

    Alternatively, you can download packages from a proxy server and install them manually.

Detailed information about this topic

Updating the One Identity Manager database with the Configuration Wizard

IMPORTANT: Test your changes in a test system before you load a migration package in a productive system. Use a copy of the production database for testing.

NOTE: Always start the Configuration Wizard on an administrative workstation!

To update a database

  1. Start the Configuration Wizard.

  2. On the Configuration Wizard home page, select the Update database option and click Next.

  3. On the Select database page, select the database and installation directory.

    1. Select the database connection in the Select a database connection pane. Select a user who at least has administrative permissions for the One Identity Manager database.

    2. In the Installation source pane, select the directory with the installation files.

  4. Configuration modules and version information are shown on the Product description page.

    1. Select the module you want to update.

    2. Confirm that you have an up-to-date backup of database.

    3. Confirm that the database consistency checks were run.

    4. Set Add other modules to select other modules.

  5. On the Select configuration modules page, select the additional modules and confirm the security prompt.

    NOTE: This page is only shown if you set Add more modules.

    If you add more modules, your custom administrative users obtain the permissions for this module.

  6. On the Database check page, errors are displayed that prevent the database from being processed. Correct the errors before you continue updating.

  7. On the Initiating the update page, you will go through the different phases in preparation for database update.

    NOTE: This page is only displayed when updating a database that has at least One Identity Manager version 8.2.

    This step-by-step preparation is intended to ensure that users are informed about the upcoming update and that processes can be shut down in a targeted manner.

    Alternatively, you can start the database update immediately. This skips the preparation phases.

    • Running through preparation phases (default)

      1. Wait until the Configuration Wizard has completed each phase of the database update preparations. The information about the phases is displayed.

      2. Click Next.

    • Starting the database update immediately

      1. Click the Click <here> to start the update immediately link.

      2. Click Next.

  8. Other users with existing connections to the database are displayed on the Active sessions page.

    • Disconnect the connections on order to start database processing.

  9. On the Create a new login for administrators page, decide which SQL server login to use for administrative users.

    NOTE: This page is only shown when updating a One Identity Manager database from version 8.0.x to version 9.1.

    If you want to switch to granular permissions when you update from version 8.1.x at a later date, contact support. To access the Support Portal, go to https://support.oneidentity.com/identity-manager/.

    You have the following options:

    • Create new SQL Server logins for the database: Select this option if you want to work with granular permissions.

      This sets up a new administrative login on the SQL Server.

      • Enter the login name, password, and password confirmation for the new SQL Server login.

      Later on in the process, the Configuration Wizard sets up additional SQL Server logins for the configuration user and the end user.

    • Use the current SQL Server login for the database: If you select this option, no other SQL server logins are created for the database. In this case, you cannot work with granular permissions concepts at SQL level.

      The user you specified is used to connect to the database.

  10. On the System administrator connection page, enter the login credentials for the database login with system administrator permissions.

    NOTE: This page is only shown if you are working with granular permissions and you have to make changes to the administration user's permissions.

  11. The installation steps are shown on the Processing database page. Installation and configuration of the database are automatically carried out by the Configuration Wizard.

    TIP: Set Advanced to obtain detailed information about processing steps and the migration log.

    1. During the update process, you must log in as an administrative user.

      1. Enter a user name and password for the administrative system user.

      2. Click Connect.

    2. Once processing is complete, click Next.

  12. On the Create SQL server logins page, enter the login name, the password, and password confirmation for the SQL Server logins for configuration users and end users.

    NOTE: The password must meet the Windows policy requirements for passwords.

    NOTE: This page is only shown when upgrading a One Identity Manager database from version 8.0 to version 9.1 if you have opted for granular permissions on the Create a new login for administrators page.

  13. On the System Information page, configure administrative system users for the One Identity Manager. Enter a password and password confirmation.

    NOTE: This page is only shown if the upgrade creates new administrative system users.

  14. You can configure the vendor notification on the page, Configure vendor notification.

    NOTE: This page is only shown of you have not yet enabled vendor notifications.

    If vendor notification is enabled, One Identity Manager generates a list of system settings once a month and sends it to One Identity. This list does not contain any personal data. The list will be reviewed by our customer support team, who will look for material changes in a proactive effort to identify potential issues before they materialize on your system. The lists may be used by our R&D staff for analysis, diagnosis, and replication for testing purposes. We will keep and refer to this information for as long as your company remains on support for this product.

    1. To use the function, set Enable vendor notification and enter your company's contact email address in Email address for contact.

      The email address is used as the sender address for notifying vendors.

    2. Set Disable vendor notification if you do not want to use this functionality.

  15. The Processing database tasks page is only shown if there are still DBQueue Processor tasks queued in the DBQueue that are prerequisite for installing the database. Once processing is complete, click Next.

  16. On the last page of the Configuration Wizard, click Finish.

Related topics

Editing the One Identity Manager database while updating with the Configuration Wizard

The One Identity Manager database is updated automatically by the Configuration Wizard. This procedure may take some time depending on the amount of data and system performance.

The Configuration Wizard performs the following steps:

  1. Prepare the update.

    NOTE: This step is performed only when updating a database that has at least One Identity Manager version 8.2.

    This runs through the various phases for preparing the database update. This step-by-step preparation is intended to ensure that users are informed about the upcoming update and that processes can be terminated in a targeted manner. Alternatively, you can start the database update immediately. This skips the preparation phases.

    These are the phases:

    • Normal operation mode: The database is in normal operating mode. The update process has not yet been initiated.

    • Updating information: All database users are informed about the upcoming update. The system does accept anymore processes. The preparation phase is displayed in the program's status bar.

    • Preparing update: New users cannot log in to the database anymore. All running processes will still be completed. If this is taking a long time, check the Job queue and the DB queue for processes. The preparation phase is displayed in the program's status bar.

    • Running update: The database is ready for updating. The update can start. The preparation phase is displayed in the program's status bar.

  2. Updating the One Identity Manager schema.

    Before the schema update, the Configuration Wizard checks the database. Error messages are displayed in a separate window. The errors must be corrected manually. The schema update cannot be started until these are resolved.

    All the tables, data types, and database procedures that are required are loaded into the database by the schema update. When a migration package is imported into a One Identity Manager database, the following operations are carried out:

    Table 22: Operations on importing a migration package
    Operations Description

    Paste

    If the object is not found in the target database, a new object is created with the key values.

    Refresh

    If the object is found in the target database, the object is updated.

    Delete

    Objects that are no longer needed are deleted.

    During a schema update, calculation tasks are queued in the database. These are processed by the DBQueue Processor.

    During a schema update with the Configuration Wizard, the migration date and the migration status are recorded in the transport history of the database.

  3. Compiling the system.

    Scripts, templates, and processes are declared in the database. The System user authentication module with the specified system user is used for compilation.

  4. Uploading files for automatic software update.

    In order to distribute One Identity Manager files using the automatic software updating mechanism, the files are loaded into the One Identity Manager database.

  5. Migrating synchronization projects.

    A process that migrates all existing synchronization project is queued in the Job queue. This updates the One Identity Manager schema and applies automatic patches.

  6. Finalizing the update.

    Processes queued by the schema update are in the final stage of processing. Finally, the database is switched back to normal operating mode.

Related topics
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation