So it's time to upgrade to the latest Novell Identity Manager code. This is a rather straight-forward process but still one you'll want to run through a test environment.

I came across a few hiccups in test that I didn't hit in production, but this only helps in the preparation.

I have two eDirectory Trees to contend with. Tree 1 has eDir, MAD, Delimited Text drivers. Tree 2 has eDir, GroupWise, and UserApplication drivers. All IDM servers are OES2 Netware with the exception of the UserApplication server. This is required to be linux.

The really good news is all these drivers will work together at different version levels, allowing you to take your time in the completing the process.

Here is my take on the process of getting to the latest and greatest.

Approach

Prepare for the upgrade
Test roll-back plan
Upgrade the Meta-directory engine in Tree 1
Upgrade the drivers in Tree 1
Upgrade the MAD remote loader and PassSync.
Upgrade the Meta-directory engine in Tree 2
Upgrade the drivers in Tree 2
Install new UserApplication

I have chosen to create a new install of the UserApplication as currently it's only used for password self-service. The original server is a SLES9 box and the new one I want to be an SLES 10.1 box.

Prepare for the upgrade

1. Upgrade IDM servers in both Trees to NW65SP7
2. Upgrade Security Services to 2.0.5
3. Upgrade NMAS to 3.2.0.1
4. Export current driver sets
5. Export each individual driver in both sets
6. Refresh documentation of current settings noting passwords etc
7. Rename sys:\ni\update directory on both IDM servers
8. All software including previous versions of IDM to hand.
9. Set trace level on all drivers to 3

Roll-back plan

1. Ensure there is a current backup of the SYS volume
2. Export of all drivers

Should the installation fail with no ability to continue:

1. remove the new software if possible
2. Install previous version of software

Should the upgrade of the drivers fail with no ability to continue:

1. Delete drivers in driver set and re-import or;
2. Delete driver set and re-import.

Update Process

Schema update

Schema updates are done as part of the Installation of the IDM 3.5.1 Metadirectory engine. This is done once per tree.

TREE 1 (1hr 30mins)
1. Set all drivers to manual start and apply.
2. Stop all drivers
3. Install Metadirectory Server, Web components and utilities to server
4. Deselect all drivers and select

Delimited Text
eDirectory

5. Select Application components
6. Complete install and restart the server
7. Load DSTRACE and set DSTRACE to DXML and DVRS
8. Start all drivers and confirm no errors on trace
9. Apply authorization to Directory set
10. restart all drivers to check for authorization
11. Upgrade eDirectory driver and restart
12. Upgrade Delimited Text driver and restart
13. Upgrade Active Directory driver and restart


AD remote loader (30mins)
1. Stop AD remote loader on Domain Controller.
2. Edit settings and set trace level to 3
3. Copy the remote loader config file C:\Novell\RemoteLoader\ADRemoteLoader-Config.txt to ADRemoteLoader-Config.backup
4. Install new remote loader and start

TREE 2 (1hr 30mins)
1. Set all drivers to manual start and apply.
2. Stop all drivers
3. Export individual drivers and driver set
4. Install Metadirectory Server, Web components and utilities to server
5. Deselect all drivers and select

GroupWise
eDirectory

6. Select Application components
7. Complete install and restart the server
8. Load DSTRACE and set DSTRACE to DXML and DVRS
9. Start all drivers and confirm no errors on trace
10. Apply authorization to Directory set
11. Restart all drivers to check for authorization
12. Upgrade eDirectory driver and restart
13. Upgrade GroupWise driver and restart
14. Upgrade UserApplication driver and restart


UserApplication Install
(Yet to be completed)
1. Install new SLES 10.1 server
2. Install additional software including development tools
3. Create a new instance of the IDM UserApplication using different port number to the original
4. Duplicate settings between UserApp drivers but leave the new one stopped
5. Install and configure UserApplication on new server


Problems encountered

Problem: Error updating NMAS methods during IDM install on server.
Solution: Rename sys:\ni\update directory

Problem: Error on eDir driver start using certificates
Solution: Re-issue certificates using the NDS-to-NDS certificate wizard

Problem: Unable to deploy new UserApplication driver from Designer
Solution: Run Project Checker in Designer and redeploy


And there you have it, an upgraded IDM system.

Tags: Identity Manager, IDM, Netware