Identity Manager 8.1 - Installation Guide


Registering the One Identity Manager Service in a cluster

Once registered, the One Identity Manager Service is governed by cluster handling for site resilience and load balancing. The service is installed on a virtual server which simulates the cluster. All computer-related operations and service data work transparently with the virtual server and not with the real computers (the cluster nodes). This also applies to clients that contact the service through the server name, for example over RPC (ORPC, DCOM), TCP/IP (Winsock, Named Pipes) or HTTP.

Because the service is in the context of the virtual server, note the following facts:

  • The service-specific settings for the node on which the virtual server is located are replicated to all other nodes. The service, therefore, always has the same configuration independent of the node on which it is actually started.
  • The service is only ever started on the virtual server's current node. The service is stopped on all other nodes.
  • The service is started and shut down with the virtual server. If the cluster is not enabled, the service is stopped on all nodes.
  • Before registration, the program automatically brings the services on the nodes into the required state (manual or stopped).

Installing and configuring the One Identity Manager Service in a cluster

The installation of server components from the One Identity Manager installation medium needs to be done on all the physical nodes of the cluster.

NOTE: In the configuration of the JobServiceDestination, the parameter Queue must contain the name of the virtual server.

After saving the configuration, copy the configuration file in the One Identity Manager Service installation directory to all the physical nodes. Do not change the name of the configuration file when you copy it.

NOTE: One Identity Manager Service configuration is not part of a cluster resource. Thus, each node keeps its own configuration. For this reason, it is necessary to ensure that the configuration files on the physical nodes are consistent. If this is not the case, correct functionality cannot be guaranteed after changing cluster nodes.

Setting up a Cluster Resource for the One Identity Manager Service

In the Cluster Administrator program, set up a new cluster resource for the One Identity Manager Service and make this available online. For information about this procedure, refer to Microsoft Technet under http://technet.microsoft.com/en-us/library/cc787285(WS.10).aspx. Note the following when creating the cluster resource:

  • Select the resource type Generic Service.
  • Select the following One Identity Manager Service dependencies.
    • Cluster IP address
    • Cluster name
    • Quorum; for example, disc: D
  • Do not enter any more registration keys.

NOTE: After setting up the One Identity Manager Service in a cluster system it is advisable to simulate a failover so that possible problems with the cluster do not arise during live operations.

Storing the One Identity Manager Service log file on a Shared Volume
  • In the Cluster Administrator program, set up a new cluster resource for the and make this available online. Note the following when creating the cluster resource:
    • Select the File Share resource type.
    • Select at least the following dependency:

      One Identity Manager Service

  • In the configuration file of the One Identity Manager Service, adapt the directory information in the Log file (OutPutFile) parameter of the log writer.
  • Copy the configuration file to all the physical cluster nodes in the One Identity Manager Service install directory after you have changed it.

Automatic updating of One Identity Manager

Installing and updating software locally can be a problem because of the distributed structure of servers and workstations. To keep the workload for network administrators acceptable, One Identity Manager includes a method for updating itself automatically. Apart from the usual One Identity Manager installation files, new custom files can simply be added to the procedure. They are then distributed to workstations and servers in the One Identity Manager network by the same automatic software update mechanism.


Basics for automatic software update

All files in a One Identity Manager installation are saved with their name and binary code in QBMFileRevision in the One Identity Manager database. The file size and hash values of each file are stored to identify them. Additionally, each file's affiliation to machine roles and installation packages is entered in the table QBMFileHasDeployTarget.

The necessary files are loaded into the One Identity Manager database and updated when a hotfix, a service pack or a full version update is run.

In the database, a semaphore software revision is maintained. When a file is added, changed or deleted in the database, the semaphore value is recalculated by the DBQueue Processor. In every One Identity Manager installation directory there is a file Softwarerevision.viv. This file is assigned the permissions Read only and Not visible in the file system, and therefore is not normally displayed by the operating system.

The Softwarerevision.viv contains the following information.

  • The installation revision number

    The revision status is determined from the value of the Softwarerevision semaphore in the database.

  • The start time of the last modification

As of One Identity Manager version 8.0, the Update.zip file is stored in the QBMFileRevision table. The file plays a central role in automatic updating. The Zip archive contains all the files that are required on the clients or server for updating the product. The Zip archive is not part of the One Identity Manager installation data but is recreated after the database has been updated by the Configuration Wizard and also the Software Loader.

The Zip archive contains the following files:

  • Update.exe

  • VI.Base.dll

  • NLog.dll

  • Newtonsoft.Json.dll

  • InstallManager.Msi.dll

  • InstallManager.Core.dll

The zip archive is extended with all files from the installation data that correspond to the name filter *.Update.dll. This makes it possible for different modules to contribute more functionality to the automatic update.

In addition, the installation directory of all One Identity Manager installations contains the file InstallState.config. This file contains information about the installed machine roles, installation packages and files.

Whether a software update is required depends on a comparison of the semaphore value in the database with the value in the file Softwarerevision.viv. If the semaphore values differ, the machine roles for the computer or server are determined from InstallState.config. Each file belonging to a machine role is checked to see whether it is known to the database.

If the file exists in the database, the following checks are made:

  • Has the file size changed?

    If this is the case, the file is added to the list of files to be updated.

  • Has the hash value changed?

    If this is the case, the file is added to the list of files to be updated.

New files that have been loaded into the One Identity Manager database through a hotfix, a service pack or a version update are also added to the list. All the files in the list are updated.

All actions are logged in the file update.log. After the update has finished, the current semaphore value is copied from the database to the file Softwarerevision.viv.
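
The update decision described above, modelled in Python as an added example; it is not One Identity's code. SHA-256 as the hash, the dictionary standing in for the QBMFileRevision and QBMFileHasDeployTarget data, the role names and the sample files are all assumptions, since the guide does not state the hash algorithm or the file formats.

```python
import hashlib
import tempfile
from pathlib import Path

def files_to_update(db_rev, local_rev, roles, db_files, install_dir):
    """Names of files to refresh; db_files maps name -> size, hash, roles."""
    # Equal semaphore values: installation is current, no per-file checks.
    if db_rev == local_rev:
        return []
    pending = []
    for name, meta in db_files.items():
        # Only files of machine roles installed on this computer matter.
        if not (meta["roles"] & roles):
            continue
        local = Path(install_dir) / name
        if not local.is_file():
            pending.append(name)  # new file loaded into the database
        elif local.stat().st_size != meta["size"]:
            pending.append(name)  # file size changed
        elif hashlib.sha256(local.read_bytes()).hexdigest() != meta["hash"]:
            pending.append(name)  # same size, different content
    return sorted(pending)

def entry(data, roles):
    # One constructed database record built from raw bytes (assumed layout).
    digest = hashlib.sha256(data).hexdigest()
    return {"size": len(data), "hash": digest, "roles": set(roles)}

def demo():
    """Constructed sample data; returns (result when stale, result when current)."""
    db_files = {
        "Unchanged.dll": entry(b"same bytes", ["Server"]),
        "Resized.dll": entry(b"longer content v2", ["Server"]),
        "SameSize.dll": entry(b"AAAA", ["Server"]),
        "New.Update.dll": entry(b"brand new", ["Server"]),
        "ClientOnly.dll": entry(b"client", ["Client"]),
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Unchanged.dll").write_bytes(b"same bytes")
        (root / "Resized.dll").write_bytes(b"content v1")
        (root / "SameSize.dll").write_bytes(b"AAAB")  # same length, altered byte
        return (files_to_update(42, 41, {"Server"}, db_files, root),
                files_to_update(42, 42, {"Server"}, db_files, root))

if __name__ == "__main__":
    print(demo())
```

The SameSize.dll case shows why the hash comparison matters: a file altered without changing its length passes the size check and is only caught by the hash.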
