Chat now with support
Chat with Support

Identity Manager 8.1 - Installation Guide

About this Guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing and updating an application server Installing the API Server Installing, configuring and maintaining the Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Error handling Appendix: Creating a One Identity Manager database for a test or development environment from a database backup Appendix: Extended configuration of the Manager web application Appendix: Machine roles and installation packages Appendix: Settings for a new SQL Server database

Implementing the automatic software update

Permissions for Automatic Software Update
  • It is recommended that you apply full access rights to the One Identity Manager installation directory for automatic updating of One Identity Manager tools.
  • The service's user account needs full access to the One Identity Manager Service installation directory in order to automatically update One Identity Manager.

To implement automatic software updating

  1. Ensure that an update server is set up. This server ensures that the other servers are updated automatically.
    • The server must be entered in the database as a Job server with the server function Update server.
    • A One Identity Manager Service with direct access to the database must be installed and configured on the server.
  2.  Check the configuration parameter Common | Autoupdate in the Designer.
    • If the configuration parameter is set (default), One Identity Manager files, which do not have the current revision status, are updated automatically.
    • If this configuration parameter is deactivated, no automatic update is performed.
  3. Use the configuration parameter Common | AutoUpdate | AllowOutOfTimeApps to define whether the users of the One Identity Manager tools can decide when the update of their workstation takes place.
    • If this configuration parameter is set, users of One Identity Manager tools are prompted to decide whether they want to update now or later.
    • If this configuration parameter is not set, the One Identity Manager tools are updated immediately.
  4. In the configuration parameter Common | Autoupdate | ServiceUpdateType, determine which procedure is used to update the One Identity Manager Service.
    Table 28: Procedure according to configuration parameter Common | Autoupdate | ServiceUpdateType
    Method Meaning
    Queue A process that distributes all files is queued in the job queue.
    DB The files are reloaded directly from the database. Implement this procedure if all Job servers have a direct connection to the database.
    Auto All root servers are filled directly from the database. A process is set up in the Job queue for all leaf servers. For this process, the root servers must have a direct database connection.
  5. Web applications may require some individual configuration settings. Check the configuration settings.
Related Topics

Disabling automatic update

NOTE: If the configuration parameter Common | Autoupdate is deactivated, no automatic update is performed across the system.

Under certain circumstances, it is necessary to exclude individual workstations, server or web applications.

Disabling Automatic Update on Workstations

To disable automatic update locally on a workstation, set the registry key HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Settings\AutoUpdateEnabled="false".

This disables automatic updating completely on this workstation.

Disabling Job Server Automatic Updating

Automatic update for Job servers is configured in the server entry. To exclude individual Job servers (for example the update server) from the automatic update, enable the following option for the Job server in Designer: No automatic software update.

Disabling automatic update of the Web Portal

You can disable Web Portal updates in the database. If the property QBMWebApplication.AutoUpdateLevel is set to the value 1 (inactive), this web application can no longer be updated via the automatic software update.

Configuring Automatic Update of an Application Server

Configure automatic updating in the application server's web.config. You can adjust the behavior with the following statements:

<autoupdate>

<!-- <add key="off" value="true" /> -->

<add key="checkinterval" value="00:05:00"/>

<add key="inactivitytime" value="00:00:10"/>

</autoupdate>

Updating One Identity Manager

Updating One Identity Manager tools includes updating the One Identity Manager database and the existing installations on One Identity Manager network workstations and servers.

Database updates are necessary when hotfixes and service packs or complete version updates are available for One Identity Manager.

  • Hotfix

    A hotfix contains corrections to the default configuration of the current main version but no extension of functionality. A hotfix can supply patches for issues solved in synchronization projects.

  • Service Pack

    A service pack contains minimal extensions of functionality and all the modifications since the last main version that were already included in the hotfixes. A service pack can supply patches with new functions for synchronization projects.

  • Version change

    A version change means that significant extensions of functionality have been made and involves a complete re-installation. A version change can supply milestones for updating synchronization projects. Milestones group together all patches for solved issues and patches required for new features of the previous version.

Detailed information about this topic

The update process for releasing a new One Identity Manager version

To update the One Identity Manager to a new version

  1. In Designer, carry out all consistency checks in the Database area.
    1. Start Consistency Editor in Designer by selecting Database | Check data consistency.
    2. In the dialog Test options click the icon .
    3. Activate all tests in the area Database and click OK.
    4. To start the check, choose the following in the menu Consistency check | Run.

      All database tests must be successful. Correct the errors. Some consistency checks offer repair methods for correcting errors.

  2. Update the administrative workstation, on which the One Identity Manager database schema update is started.
    1. Execute the program autorun.exe from the root directory on the One Identity Manager installation medium.
    2. Change to the Installation tab. Select the edition you have installed and click Install.

      This starts the installation wizard.

    3. Follow the installation instructions.

      IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise the components are not updated and a new installation is created in the second directory instead.
  3. Complete the One Identity Manager Service on the update server.
  4. Check whether the database's compatibility level is set the 130 and change it if necessary.
  5. Make a backup of the One Identity Manager database.
  6. Run the One Identity Manager database schema update.
    • Start the Configuration Wizard on the administrative workstation.
  7. Update the One Identity Manager Service on the update server.
    1. Execute the program autorun.exe from the root directory on the One Identity Manager installation medium.
    2. Change to the Installation tab. Select the edition you have installed and click Install.

      This starts the installation wizard.

    3. Follow the installation instructions.

      IMPORTANT: On the Installation Settings page, select the directory for your current installation as the installation directory. Otherwise the components are not updated and a new installation is created in the second directory instead.
  8. Check the login information of the One Identity Manager Service. Revert to the original settings if the One Identity Manager Service did not initially use the local system account for logging in. Specify the service account to be used. Specify the service account to use.
  9. Start the One Identity Manager Service on the update server.
  10. Update other installations on workstations and servers.

    You can use the automatic software update method for updating existing installations.

    NOTE: In some cases it may be necessary to update the further workstations and Job servers manually. This might be required, for example, if there are a significant number of new changes with a One Identity Manager version update, which do not allow the use of automatic update.

  11. Any required changes to system connectors or the synchronization engine are made available when you update One Identity Manager. These changes must be applied to existing synchronization projects to prevent target system synchronizations that are already set up, from failing. Patches are made available for this.

    NOTE: Some patches are applied automatically. A process that migrates all existing synchronization project is queued in the Job queue to do this. To execute the process, the One Identity Manager Service must be started on the database server and on all the synchronization servers.

    • Check whether the process DPR_Migrate_Shell has been started successfully.

      If a patch could not be applied, for example because the target system was not available, you can apply the patch manually later.

    For more detailed information about applying patches, see the One Identity Manager Target System Synchronization Reference Guide.

To update an application server to a new version

  • The application server starts updating automatically after the One Identity Manager database schema update.
  • To start the update manually, open the status page for the application in the browser and click on Update immediately in the menu for the logged in user.

To update the Web Portal to a new version

NOTE: Ensure that the application server is updated before you update the Web Portal.
  • To update the Web Portal automatically, use a browser to connect to the runtime monitor http://<servername>/<application>/monitor and start the update of the web application.
  • To manually update the Web Portal, uninstall the existing Web Portal and install the Web Portal again.

To update the Manager web application to a new version

  1. Uninstall the Manager web application.
  2. Reinstall the Manager web application.
  3. The Manager default user requires write access to the Internet Information Services web application installation directory so that Manager web applications can be updated automatically. Check that the correct permissions are allocated.
Detailed information about this topic
Related Documents