Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 9.3 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing and updating an API Server Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

Automatic updating of the One Identity Manager Service

Automatic software update is the default method for updating the One Identity Manager Service on servers. However, the update method takes into account that it may be necessary to exclude certain servers from being updated automatically and to update them manually.

For every query of process steps, the One Identity Manager Service returns the current status of the software revision semaphore. If this value differs from the value in the database, the Job server is labeled as "updating" in the database and no more normal process steps are sent to it.

The Job server is updated depending on the procedure set in the Common | Autoupdate | ServiceUpdateType configuration parameter.

First, the start time of the last change is determined from the SoftwareRevision.viv file. A list is compiled of all files with additional information specifying whether each file is new or not. This list is evaluated on the Job server to be updated and another list is compiled specifying which files will be updated.

To do this, the service obtains an AutoUpdate process from the server. which loads the Update.zip file and the update process begins.

If updating with the new process cannot be completed because, for example, there is no direct connection to the database or an application server, the files are transfer by process steps in the Job queue (fallback). In this case, any existing update steps from the module library might not be run.

One Identity Manager Service is restarted if any one of the files has changed on the Job server. After the update is completed, the Job server label is reset in the database.

Automatic updating of web applications

In principle, web applications support automatic software updates. However, a few web applications may require extra configuration to take part in automatic software updating.

The following permissions are required for automatic updating:

  • The user account for updating requires write permissions for the application directory.

  • The user account for updating requires the local security policy Log on as a batch job.

  • The user account running the application pool requires the Replace a process level token and Adjust memory quotas for a process local security policies.

Updating the web application requires restarting the application. The web application is restarted automatically by the web server when it has been idle for a defined length of time. This may take some time or be hindered by continuous user requests. Some web application offer you the option to restart manually.

If the web application update is identified, new files are copied from the database to a temporary directory on the server.

The application then loads the Update.zip file from the database or from the application server, which is unpacked in a temporary directory.

The Update.exe starts, waits until the web application process has shutdown, and copies the files from the temporary directory to the web application's directory.

Related topics

Implementing the automatic software update

The following permissions are required for automatic software updating:

  • It is recommended that you apply full access permissions to the One Identity Manager installation directory for automatic updating of One Identity Manager tools.

  • The service's user account needs full access to the One Identity Manager Service installation directory in order to automatically update One Identity Manager.

To implement automatic software updating

  1. Ensure that an update server is set up. This server ensures that the other servers are updated automatically.

    • The server must be entered in the database as a Job server with the server function Update server.

    • A One Identity Manager Service with direct access to the database must be installed and configured on the server.

  2. In the Designer, check the Common | Autoupdate configuration parameter.

    • If the configuration parameter is set (default), One Identity Manager files that do not have the current revision status, are updated automatically.

    • If this configuration parameter is not set, no automatic update is performed.

  3. Use the Common | AutoUpdate | AllowOutOfTimeApps configuration parameter to define whether the users of the One Identity Manager tools can decide when the update of their workstation takes place.

    • If this configuration parameter is set, users of One Identity Manager tools are prompted to decide whether they want to update now or later.

    • If this configuration parameter is not set, the One Identity Manager tools are updated immediately.

  4. In the Common | Autoupdate | ServiceUpdateType configuration parameter, determine which procedure is used to update the One Identity Manager Service.

    Table 22: Methods under to the configuration parameter Common | Autoupdate | ServiceUpdateType
    Method Meaning

    Queue

    A process is queued in the Job queue that distributes the files.

    DB

    The files are reloaded directly from the database. Implement this procedure if all Job servers have a direct connection to the database.

    Auto

    All root servers are filled directly from the database. A process is set up in the Job queue for all leaf servers. For this process, the root servers must have a direct database connection.

  5. Web applications may require some individual configuration settings. Check the configuration settings.

Related topics

Disabling automatic software update

NOTE: If the Common | Autoupdate configuration parameter is deactivated, no automatic update is performed across the system.

Under certain circumstances, it is necessary to exclude individual workstations, server, or web applications.

Disabling workstation automatic update

To disable automatic update locally on a workstation, set the HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Settings\AutoUpdateEnabled registry key to false.

This disables automatic updating completely on this workstation.

Disabling a Job server automatic update

Configure the Job server automatic update in the Job server entry.

To exclude individual Job servers from updating automatically

  1. In the Designer, select the Base Data > Installation > Job server category.

  2. Select the Job server to be edited in the Job server overview.

  3. On the Properties tab, enable the No automatic software update option.

  4. Select the Database > Save to database and click Save.

Disabling automatic application server update

Configure automatic updating in the application server's Manager web application file. For more information, see Updating application servers.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione