15.0 Prerequisites for Upgrading or Migrating Access Manager

Watch the following video for important considerations that you must know before starting the Access Manager upgrade:

IMPORTANT:

Access Manager 5.0 onwards, modification of nidp.jar is not recommended. If you have modified nidp.jar in the earlier release, then move those properties to nidp_custom_resources_*.properties as instructed in Customizing the Error Pages and upload the properties file to the Identity Server cluster using Advanced File Configurator. For information about how to add a file, see Adding Configurations to a Cluster in the NetIQ Access Manager 5.0 Administration Guide.
From Access Manager 5.0, modifying a configuration file directly on a device is not supported. Any modification made directly on a device is replaced when modifications made through Administration Console are applied. You must customize a configuration file using Advanced File Configurator on Administration Console. See Modifying Configurations.

Before performing an upgrade, ensure that the following prerequisites are met:

Back up your current Access Manager configuration using ./ambkup.sh command. For more information, see Back Up and Restore in the NetIQ Access Manager 5.0 Administration Guide.
The upgrade process overwrites all customized JSP files. If you have customized JSP files for Identity Server or Access Gateway, you must perform manual steps to maintain the customized JSP files. For more information, see Maintaining Customized JSP Files for Identity Server or Maintaining Customized JSP Files for Access Gateway.
If you have customized any changes to tomcat.conf or server.xml, back up the files. After the upgrade, restore the files. For information about how to restore the file, see Managing Configuration Files in the NetIQ Access Manager 5.0 Administration Guide.
If you are using Kerberos, back up the /opt/novell/nids/lib/webapp/WEB-INF/classes/kerb.properties file. After the upgrade, restore the files. For information about how to restore the file, see Managing Configuration Files in the NetIQ Access Manager 5.0 Administration Guide.

Similarly, if you are using any customized files, ensure to back it up and copy the customized content from the backed up file to the upgraded file after the upgrade is successful.
If you have made any customization in the context.xml file, back up the file.

After the upgrade, add the customized content to the upgraded context.xml file and uncomment the following lines in the context.xml file:



 </Context>

For information about how to modify a file, see Modifying Configurations in the NetIQ Access Manager 5.0 Administration Guide.
Some of the options are supported only through Administration Console. After the upgrade, configure those options through Administration Console. For the list of options that must be configured through Administration Console, see Configuring Identity Server Global Options, Configuring ESP Global Options, Defining Options for SAML 2.0 in the NetIQ Access Manager 5.0 Administration Guide.
If you have installed the unlimited strength java crypto extensions before upgrade, re-install it after the upgrade because a new Java version will be used.
Edit the /etc/hosts files on each instance and add an entry to resolve its hostname to its private IP address. For example, 10.10.10.11 kubew1

NOTE:Post-Upgrade: (Applicable for upgrading from Access Manager 5.0 release only) To avoid any mismatch of customizations seen on Advanced File Configurator user interface and the file present in the VM server, it is recommended to click the Send Configurations to Servers icon () on all non-temporary files and folders in Identity Server, Administration Console, and Access Gateway from the Advanced File Configurator user interface. This action must be performed even if file status is displayed as Configuration sent successfully on the Advanced File Configurator user interface post-upgrade.

In addition to the these prerequisites, ensure that you also meet the hardware requirements. For more information about hardware requirements, see NetIQ Access Manager System Requirements.