Wednesday, August 22, 2012

Upgrade plans of OAM 10g to 11g

I presume many people are curious about upgrading OAM from 10g to 11g. Well, here is the point!

There is no direct upgrade plan yet because the 11g version is released for OSSO customers extremely. However, to upgrade OAM to 11g, here are my thoughts:

  1. The architecture is totally revamped in 11g. The OAM server is a Java-based application deployed on WebLogic Server, whereas the 10g servers are stand-alone.
  2. 10g WebGates are backward compatible with the OAM 11g server. 11g WebGates are provided only for OHS. So if your environment has Apache or IHS servers, you can continue to use 10g WebGates with agent registration.
  3. The Policy Domains concept is enhanced with sessions, so you can pass several session attributes in authorization actions.
  4. If there is a custom plug-in to extrapolate the concurrent users scenario, then it is just a checkbox enablement in 11g - much easier, isn't it!
  5. Any custom authentication plug-ins developed in 10g using C/C++ have to be rebuilt using Java in 11g.
  6. Any Identity XML features used in 10g have NO upgrade or replacement. All the identity features are part of OIM 11g.
  7. If password management features are used, then execute those features using OIM 11g.
  8. If you are using RSA token authentication, note that it is not certified in 11g - Oracle has plans to release this soon.
  9. If you are using SharePoint integrated with OAM 10g, then SharePoint 2010 is certified with OAM 11g. Check out this post.
  10. EBS is certified with OAM 10g and 11g versions. In 11g, it is the AccessGate version rather than OSSO delegation.

Therefore, to upgrade OAM 10g to 11g, everything needs to be manually created/configured from scratch.
If your environment has RSA token as the main authentication, then it is better to upgrade to 11gR2 directly, as OAM 11gR1 is not certified. The OAM 11gR2 - RSA integration guide is here.

The latest IAM release 11.1.2 has upgrade plans from 11gR1.
Upgrading OAM 11gR1 (11.1.1.5) is here.
Unlike OIM, there is a direct upgrade plan from OAM 10g to OAM 11gR2; documentation is here.

7 comments:

  1. This comment has been removed by the author.

  2. Ashutosh,

    Do you see it wrong mentioning IBM http server here? IHS has 10g webgates supported for OAM 11g env.

  3. Hi Mahendra,

    This is a very helpful and concise overview of the migration strategy from OAM 10G to 11G. Thanks for this.
    However, I am curious about point 6 in your summary, that IDXML features used in 10g have NO upgrade or replacement.
    So let's say I have an elaborate user and group manager setup in my 10G environment which includes attribute access control, delegated administration, and most importantly workflows defined in them to create users, update passwords, etc.
    How do I migrate these when I upgrade to OAM 11g?

    Does OAM 11G provide an equivalent or similar feature in its system to support this?
    Or is it expected that OAM 11G needs to be mandatorily coupled with OIM 11g for this?

    Regards,
    Abhishek.

  4. Hi Mahendra,

    This is a very helpful and concise overview of the migration strategy from OAM 10G to 11G. Thanks for this.
    However, I am curious about point 6 in your summary, that IDXML features used in 10g have NO upgrade or replacement.
    So let's say I have an elaborate user and group manager setup in my 10G environment which includes attribute access control, delegated administration, and most importantly workflows defined in them to create users, update passwords, etc.
    How do I migrate these when I upgrade to OAM 11g?

    Does OAM 11G provide an equivalent or similar feature in its system to support this?
    Or is it expected that OAM 11G needs to be mandatorily coupled with OIM 11g for this?

    Regards,
    Abhishek.

  5. Hi Mahendra,

    Not sure if my last comment got posted, but I wanted to understand a bit more about point 6 in your post, wherein OAM-11g has NO upgrade or replacement for the identity features in it.
    So if I have an elaborate user manager and group manager setup in OAM-10g that includes attribute access control, delegated administration and workflows, does OAM-11gR2 have no way to support the same post upgrade?
    So it does not provide any interface for dealing with the life cycle management of users at all?
    In other words, OAM 11G makes it mandatory to be coupled with OIM 11g to handle user management activities?

    Regards,
    Abhishek.

  6. Mahendra, you can use oamMigrate WLST to migrate policies.

  7. Thanks Pedro. I will add that in the post.
