If IBM® Security Identity Governance and Intelligence is connected to
an Oracle database, you must update the database by configuring it for the new version of Identity Governance and Intelligence.
Before you begin
Make sure that the following prerequisites are in place:
- The Oracle Server version 12c must be installed. It is the minimum version level
that is required for updating to IBM Security Identity Governance and Intelligence
Version 5.2.5.
- The migration script can be launched directly on the server that hosts the Oracle DBMS or on
another computer where the Oracle Client is installed.
- You must know the common database parameters such as the IP address, server port, and SID.
About this task
The following tags customize the IBM Security Identity Governance and Intelligence
Oracle database installation.
Table 1. Tags to customize the IBM Security Identity Governance and Intelligence Oracle database installation
Tags |
Description |
IgiSID |
Oracle database instance name (SID) |
DBServer |
Oracle Server IP address or DNS name |
DBPort |
Oracle listener port |
ServiceName |
Oracle Service Name |
The scripts for the upgrade of the database can be found in one of these
locations:
- In Passport Advantage amongst the IBM Security Identity Governance and Intelligence V5.2.5 (5.2.5.1) eAssemblies. Follow these steps
to find the scripts:
- Find in the product package the zip file that corresponds to the
IBM Security Identity
Governance component_name v5.2.5
(5.2.5.1) Database Installation Scripts and Tools
eAssembly. Copy the file to your database
server and unpack it.The DB_Tools directory is unpacked.
- In the DB_Tools directory, find and unpack file
SEC_IDNTY_GVN_INTL_xxx_V5.2.5_DT_IN_.zip (where
xxx can be CMP, ANL, LFC, or IEE, depending on the license under which you are
using the product).
Amongst the unzipped files, you find the oracle
directory.
- Change path to the oracle directory and unpack file
oracle_installation.zip.
Amongst the unzipped files, you find the
oracle_installation directory.
- Change path to the oracle_installation directory and unfold the
migration directory.
Amongst the other files and folders, the
migration directory includes the files that you are looking for.
- In file DBupdate.zip in the 5.2.5.0-ISS-SIGI-VA-FP0000
(5.2.5.0-ISS-SIGI-VA-FP0001) package that is available in IBM Fix Central. Follow these steps to find the scripts:
- Unpack DBupdate.zip.
- Change path to the oracle directory and unfold the
migration directory.
Amongst the other files and folders, the
migration directory includes the files that you are looking for.
In the
migration folder, the scripts (
.sh or
.bat) for upgrading the Oracle database to
Identity Governance and Intelligence
Version 5.2.5 are the following (you must select only
one):
- oracle_update_from521
- Upgrades your database from Version 5.2.1 to Version 5.2.5.
- oracle_update_from522
- Upgrades your database from Version 5.2.2 to Version 5.2.5.
- oracle_update_from523
- Upgrades your database from Version 5.2.3 to Version 5.2.5.
- oracle_update
- Upgrades your database from Version 5.2.4 to Version 5.2.5.
Depending on the version from which you are upgrading Identity Governance and Intelligence
, copy one of these files to a directory
of your choice; for example,
<your_path>/<UPDSCRIPTDIR>. Then,
edit and run the script in the procedure that follows to update your Oracle database to Version 5.2.5.
Procedure
-
Stop the Security Identity Governance and Intelligence server from the
virtual appliance dashboard.
-
Configure the tnsnames.ora file.
-
Browse to the tnsnames.ora file.
For example,
oracle_home/db/network/admin
-
Edit the file in a text editor such as vi or Notepad.
-
If the network instance is not configured correctly, add the following section.
<IgiSID> =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = <DBserver>)(PORT =
<DBport>))
)
(CONNECT_DATA =
(SERVICE_NAME = < ServiceName>)
)
)
Example
1
XE =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.0)(PORT = <1521>))
)
(CONNECT_DATA =
(SERVICE_NAME = <XE>)
)
)
Example
2
MYDB =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = <oracle_server_ip>)(PORT = <1521>))
)
(CONNECT_DATA =
(SERVICE_NAME = <MyDB_service_name>)
)
)
-
On UNIX and Linux systems, change the file permissions in the installation directory.
-
Use the following command to change directory to
<UPDSCRIPTDIR>:
cd <your_path>/<UPDSCRIPTDIR>
-
Use the following command to ensure that the database user has
write
permission to access the log file output:
-
Set the ORACLE_HOME variable in accordance with your specific Oracle client or server
installation. All the next steps in the procedure assume that the
sqlplus
executable is located in the <ORACLE_HOME>/bin directory.
Enter the following command to connect to the database and to check that the configuration
works:
If the connection test ended successfully, you can exit from the
sqlplus
with the following command:
exit
-
Configure the oracle_update_xxx.sh or
oracle_update_xxx.bat file.
-
Locate the folder that contains the oracle_update_xxx
file.
cd <your_path>/<UPDSCRIPTDIR>/oracle/migration
-
With a text editor, open the oracle_update_xxx file
that matches your upgrade path as explained in section About this task.
-
Modify the ORACLE_BASE and ORACLE_HOME variables
according to your installation.
These variables are necessary for sqlplus to work.
-
Modify the ORACLE_SERVER variable with the value of
IgiSID previously configured in the tnsnames.ora file.
-
If you changed the default product password from
ideas
, update it in the
SCHEMA_PWD variable.
-
Connect as the Oracle instance owner (for example, oracle),
run the update script that you just edited, and record the results in the log file.
For example, on UNIX and Linux
systems:
find . -name \*.sh -exec dos2unix {} \;
./oracle_update_from522.sh > upgrade.log
On
Windows systems:
oracle_update_from522.bat > upgrade.log
During the migration procedure, for some particular conditions, these diagnostic messages can be
present in the log file.
"NO FLOW <something> FOUND".
and
ERROR near line 10:
SQL0438N Application raised error or warning with diagnostic text: "DEFAULT PRIORITY UNDEFINED".
These
messages do not identify an error of the procedure and can be ignored.
- If you upgrade to Fix Pack 1, among the directories that were unpacked from
DBupdate.zip, find the
..\schemas\script\oracle\upgrade_fixpack\cumulative_patch.sql script and run it
with the
sqlplus
command.
-
Start the Security Identity Governance and Intelligence server from the
virtual appliance dashboard.
What to do next
Upgrade the virtual appliance.