Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Upgrade Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services What's new in Authentication Services 4.1 Upgrade from 3.5 to 4.1 considerations Upgrade the web console Upgrade Authentication Services Windows components Configure Active Directory for Authentication Services Configure Unix agent components Upgrade Authentication Services client components manually Getting started with Authentication Services Troubleshooting

Upgrade the web console

In preparing for your Authentication Services upgrade, One Identity recommends that you install or upgrade Management Console for Unix first. This provides a mangement console that is a powerful and easy-to-use tool that dramatically simplifies deployment, enables management of local Unix users and groups, provides granular reports on key data and attributes, and streamlines the overall management of your Unix, Linux, and Mac OS X hosts.

Note: Of course, you can install Authentication Services without using Management Console for Unix. (For more information, see Upgrade Authentication Services client components manually.) However, for the purposes of the examples in this guide, it is assumed that you will install and configure the Authentication Services Unix agent components by means of Management Console for Unix.

Installing and configuring the management console

The easiest way to install and configure Authentication Services Unix agent components is by means of Management Console for Unix.

Note: The procedures in this topic assume you do not have Management Console for Unix already installed.

To install the mangement console on a supported Windows platform

  1. Mount the Authentication Services 4.1 distribution media.

    Autorun starts automatically.

    Note: To start the Autorun installation wizard, you can also navigate to the root of the distribution media and double-click autorun Application file.

  2. From the Authentication Services Autorun Home page, click the Setup tab.
  3. From the Setup tab, click Management Console for Unix.

    The install wizard guides you through the rest of the setup dialogs:

    • Management Console for Unix License Agreement
    • Configure TCP/IP Port
    • Completing the Management Console for Unix installation
  4. On the Complete dialog, clear the Launch the Management Console option and click Finish to exit the install wizard and return to the Authentication Services Autorun Setup tab.

    Once you have installed Management Console for Unix, you are ready to install or upgrade the Authentication Services Windows components.

Upgrade Identity Manager for Unix 1.x web console

The process for upgrading the Web console from an older version is similar to installing it for the first time. The installer detects an older version of the console and automatically upgrades the components.

Note: The procedures in this topic assume you have Identity Manager for Unix 1.x installed.

Before you begin the upgrade procedure, close the Web console and make a backup of your database.

To upgrade the Web console

  1. Backup the 1.0 database files:
    1. Shutdown the HSQLDB server.

      Management Console for Unix uses a HSQLDB (Hyper Structured Query Language Database) to store its data such as information about the hosts, settings, users, groups, encrypted passwords, and so forth.

    2. Copy the /var/opt/quest/imu data directory to a backup location.

      Note: Refer to Appendix D: Database Maintenance in the One Identity Management Console for Unix Administration Guide for more information about the database locations and filenames.

      Once you backup the database file, you are ready to start the upgrade.

  2. Mount the Authentication Services 4.1 distribution media.

    Autorun starts automatically.

    Note: To start the Autorun installation wizard, you can also navigate to the root of the distribution media and double-click autorun Application file.

  3. From the Authentication Services Autorun Home page, click the Setup tab.
  4. From the Setup tab, click Management Console for Unix.
  5. Click Yes when the installer detects an older version of the mangement console and asks if you want to continue.

    The install wizard guides you through the rest of the setup dialogs:

    • Management Console for Unix License Agreement
    • Configure TCP/IP Port
  6. When the installer asks if you want to uninstall the previous version of the console, you can opt to leave the older version installed and continue the 2.x installation.

    Note:

    Once you are satisfied with the upgrade, you can uninstall 1.x at a later time.

    • On Windows, the Identity Manager for Unix Uninstaller is available from the Start menu at Quest Software | Identity Manager for Unix
    • On Unix, run the following command as root:
      /opt/quest/imu/uninstall
    • On Mac OS X, with root privileges, navigate to /opt/quest/imu and double-click Identity Manager for Unix Uninstaller.

    While you can have both the older and the newer versions of the mangement console installed, you can not run both at the same time.

  7. On the Complete dialog, leave the Launch the Management Console option deselected and click Finish to exit the install wizard and return to the Authentication Services Autorun Setup tab.

    Once you have installed Management Console for Unix, you are ready to install or upgrade the Authentication Services Windows components.

  8. After the upgrade, reassign Active Directory users to specific roles.

    The upgrade from 1.x to 2.x assigns any previously existing Active Directory to the Manage Host role. To assign Active Directory users to additional roles, navigate to Preferences | System Settings | Roles and Permissions. (See Add Role Members in the mangement console online help for details.)

Note:

After an upgrade from version 1.x to 2.x, please note the following:

  • You must re-profile all managed hosts before you begin using the new features of Management Console for Unix.
  • Because the encryption mechanism was changed, cached host credentials (that is, passwords cached by the supervisor account or Active Directory users with console access) are not migrated when you upgrade from 1.x to 2.x. Users will have to re-enter their passwords for hosts they manage the next time they perform tasks on the hosts and choose to cache them again on the server.
  • The host address in the Console host address box on the Console Information settings may have been entered as a simple address in version 1.0. To perform some tasks in version 2.x without error, such as auto-profiling, the Console host address must be a Fully Qualified Domain Name.

Related Topics

Reset custom configuration settings

Reset custom configuration settings

When upgrading from version 1.0 to 2.x or higher, there are some steps you must take to reset any custom configuration settings you had in the previous version.

The upgrade procedure makes a .bak copy of your configuration file (jvmargs.cfg.bak) at the root of your installation directory. After you upgrade the mangement console from version 1.0 to 2.0, to reset any custom configuration settings you may have made in the previous version, compare the jvmargs.cfg.bak file with the new jvmargs.cfg file to see if you had any custom settings. For example, if you had increased the JVM Memory size in the previous version, then you will want to add the JVM Memory setting argument to the custom.cfg file. (See Overwriting Default Configuration Settings in the mangement console online help for more information about customizing configuration settings for the mangement console.)

Note: Do not change the jvmargs.cfg directly; the settings in the custom.cfg file overwrite the default settings in jvmargs.cfg.

By default, the installation directory is located at:

  • On Windows 64-bit platforms:
    %SystemDrive%:\Program Files\Quest Software\Management Console for Unix
  • On Windows 32-bit platforms:
    %SystemDrive%:\Program Files (x86)\Quest Software\Management Console for Unix
  • On Unix/Mac OS X platforms:
    /opt/quest/mcu
Related Documents