5 Upgrading Oracle Access Manager Multi-Data Center Environments
You can upgrade Oracle Access Manager deployed across multi-data centers (MDC) from 12c (12.2.1.3.0) to 12c (12.2.1.4.0).
Note:
To upgrade Oracle Access Manager MDC environments to 12c (12.2.1.4.0), ensure that all of the data centers (DC) are at the same Patch Set level.
When you plan to upgrade to 12c (12.2.1.4.0), you can choose to have zero down time by stopping the data center that needs to be upgraded, and routing all the traffic to the other data centers. Once the upgrade has been completed on one data center, it can start and function as an independent data center. You can then redirect all the traffic to the upgraded data center.
- About the Oracle Access Manager Multi-Data Center Topology
The sample Oracle Access Manager Multi-Data Center topology has two data centers — Primary data center and Clone data center. - Roadmap for Upgrading Oracle Access Manager MDC Setup
Use the upgrade roadmap to upgrade your Oracle Access Manager multi-data center setup to 12c (12.2.1.4.0). - Backing Up the Existing MDC Environment
Before you begin with the upgrade, take a back up of your existing environment. - Enabling Write Permission to Primary and Clones (If Necessary)
Before you start the upgrade, you must enable modifications to the system and policy configurations on both Primary and Clones. - Disabling and Deleting All Replication Agreements Between Primary and Clone
Disable all replication agreements between the Primary and the Clone data centers. - Redirecting Traffic to Primary Data Center
An in-line upgrade procedure is used to upgrade the Clone data center which requires downtime. Therefore, all traffic must be rerouted to the Primary data center. - Upgrading Oracle Access Manager on Clone Data Center
Upgrade Oracle Access Manager on Clone data center to 12c (12.2.1.4.0) after you redirect the traffic to Primary data center. - Redirecting Traffic to Clone Data Center
An in-line upgrade procedure is used to upgrade the Primary data center which requires downtime. Therefore, all traffic must be rerouted to the Clone data centers (also referred to as, the backup data centers or the secondary data centers). - Upgrading Oracle Access Manager on Primary Data Center
Upgrade Oracle Access Manager on Primary data center to 12c (12.2.1.4.0) after you redirect the traffic to clone data center. - Freezing all Changes to Clones (if Necessary)
After you upgrade Oracle Access Manager on all of the Clone data center(s), it is recommended that you freeze the changes to the Clone data center(s). This is to avoid any inadvertent writes. - Syncing Access Metadata
Oracle Access Manager metadata stored in Unified Data Model (UDM) needs to be synced from Primary to Clone. - Creating Replication Agreement
Create the replication agreement again after upgrading the Primary and the Clone data centers. - Bringing up the Primary and Clone Data Centers Online
After successful upgrade, both Primary and Clone data centers can be brought up online. Traffic can be routed to both data centers based on existing routing rules.
Parent topic: In-Place Upgrade of Oracle Access Manager
About the Oracle Access Manager Multi-Data Center Topology
The sample Oracle Access Manager Multi-Data Center topology has two data centers — Primary data center and Clone data center.
The procedure in this chapter describes how to upgrade Oracle Access Manager in a MDC setup similar to the reference topology provided in this section. You can use this upgrade procedure to upgrade your environment with any number of data centers.
Figure 5-1 Oracle Access Manager in Multi—Data Center Setup
Description of "Figure 5-1 Oracle Access Manager in Multi—Data Center Setup"
This figure shows a Primary data center and a Clone data center, each of them including a full Access Manager installation. In this topology, GTM refers to the global load balancer, LTM refers to the local load balancer, and WG refers to the WebGate. The S2S OAP is the Oracle Access Protocol.
Roadmap for Upgrading Oracle Access Manager MDC Setup
Use the upgrade roadmap to upgrade your Oracle Access Manager multi-data center setup to 12c (12.2.1.4.0).
Table 5-1 Oracle Access Manager MDC Upgrade Roadmap
| Task | For More Information |
|---|---|
|
Review the Oracle Access Manager multi-data center topology. |
See About the Oracle Access Manager Multi-Data Center Topology |
|
Back up your existing environment. |
|
|
Enable write permission to Primary and Clone data centers, if not already done. |
See Enabling Write Permission to Primary and Clones (If Necessary) |
|
Disable and delete all replication agreements between Primary and Clone data centers. |
See Disabling and Deleting All Replication Agreements Between Primary and Clone |
|
Redirect the traffic to the Primary data center. |
|
|
Upgrade Oracle Access Manager on Clone data center. |
|
|
Redirect the traffic to the Clone data center. |
|
|
Upgrade Oracle Access Manager on Primary data center. |
|
|
Freeze all changes to the Primary and Clones, if required. |
|
|
Sync the access UDM data by exporting the access store data from Primary data center and importing it on the Clone data center. |
|
|
Create the replication agreement again. |
|
|
Bring up the Primary and Clone data centers online. |
Backing Up the Existing MDC Environment
Before you begin with the upgrade, take a back up of your existing environment.
-
ORACLE_HOME: the Oracle Home directory. -
Oracle Access Manager Domain Home directory on all OAM hosts.
-
Following Database schemas:
-
Oracle Access Manager schema
-
Audit and any other dependent schema
-
For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.
Enabling Write Permission to Primary and Clones (If Necessary)
Before you start the upgrade, you must enable modifications to the system and policy configurations on both Primary and Clones.
- Go to the
ORACLE_HOME/common/bindirectory.For example:
ORACLE_HOME/oracle_common/common/bin - Run the following command on the Primary and Clone data
centers:
cd ORACLE_HOME/oracle_common/common/bin ./wlst.sh setMultiDataCenterWrite(WriteEnableFlag="true")
Disabling and Deleting All Replication Agreements Between Primary and Clone
Disable all replication agreements between the Primary and the Clone data centers.
Redirecting Traffic to Primary Data Center
An in-line upgrade procedure is used to upgrade the Clone data center which requires downtime. Therefore, all traffic must be rerouted to the Primary data center.
Upgrading Oracle Access Manager on Clone Data Center
Upgrade Oracle Access Manager on Clone data center to 12c (12.2.1.4.0) after you redirect the traffic to Primary data center.
Redirecting Traffic to Clone Data Center
An in-line upgrade procedure is used to upgrade the Primary data center which requires downtime. Therefore, all traffic must be rerouted to the Clone data centers (also referred to as, the backup data centers or the secondary data centers).
For more information, see Updating the JDK After Installing and Configuring an Oracle Fusion Middleware Product.
Upgrading Oracle Access Manager on Primary Data Center
Upgrade Oracle Access Manager on Primary data center to 12c (12.2.1.4.0) after you redirect the traffic to clone data center.
Freezing all Changes to Clones (if Necessary)
After you upgrade Oracle Access Manager on all of the Clone data center(s), it is recommended that you freeze the changes to the Clone data center(s). This is to avoid any inadvertent writes.
- Go to
ORACLE_HOME/common/bin. - Run the following command:
ORACLE_HOME/oracle_common/common/bin/wlst.sh SetMultiDataCenterWrite(WriteEnableFlag="false")
Syncing Access Metadata
Oracle Access Manager metadata stored in Unified Data Model (UDM) needs to be synced from Primary to Clone.
exportAccessStore and importAccessStore. These commands need to be executed after you upgrade all of the data centers and before creating the new replication agreement. This exports the UDM artifacts created till that point, from the Primary data center and imports them in the Clone data center(s).
To sync the UDM metadata, complete the following steps:
Creating Replication Agreement
Create the replication agreement again after upgrading the Primary and the Clone data centers.
Note:
Ensure that Primary and Clone data centers REST endpoints are up and running, before you run this command.
curl -u <repluser> -H 'Content-Type: application/json' -X POST 'https://supplier.example.com/oam/services/rest/_replication/setup' -d '{"name":"DC12DC2", "source":"DC1","target":"DC2","documentType":"ENTITY"}'
For more information about creating a replication agreement, see Creating a Replication Agreement in the Administrator's Guide for Oracle Access Manager.
Bringing up the Primary and Clone Data Centers Online
After successful upgrade, both Primary and Clone data centers can be brought up online. Traffic can be routed to both data centers based on existing routing rules.