The first step in any upgrade process is to learn about the process itself so that you can plan and prepare appropriately. This article will help you understand the entire EmpowerID upgrade process, beginning with the relevant background information one should be aware of before starting the upgrade process
As IAM implementations are complex by nature and typically impact the most sensitive and integrated enterprise directories and applications with the technology infrastructure, successfully upgrading EmpowerID cannot be taken without understanding the processes involved
The below image shows the flow for performing a successful upgrade
When upgrading EmpowerID, you must be logged in as a user with rights to alter the EmpowerID database on the target SQL server. Additionally, please make sure you have saved any customizations to EmpowerID workflows in a custom package to avoid having the restoration process overwrite your custom workflows. |
This phase of the upgrade process is for determining the "why" and "what" for performing an upgrade. You should determine beforehand the reason for the upgrade, what is the goal of the upgrade and what is expected from the upgrade. This includes the following points:
You should run the EmpowerID System Prep tool to check whether your current environment supports all system prerequisites needed by the new version.
You can download the EmpowerID System Prep tool at https://support.empowerid.com/hc/en-us/articles/205653018-How-to-use-the-EmpowerID-System-Preparation-Tool |
EmpowerID Database and Server UpgradePerform the following steps to upgrade your EmpowerID Database, Front-End and Application Servers.
|
After determining that your system meets the requirements for the upgrade, you need to do the following to prep your system for the upgrade process:
The first step in performing the upgrade of EmpowerID is to update the database with the new schema and default data required by the new version of EmpowerID. This section walks you through using the SQL tools and scripting required to perform this upgrade.
This utility application is used to upgrade the target database with any new schema elements as well as any additional default data records that are required by the new version of EmpowerID. The method of upgrading the schema of the database is to generate an XML file with the current database schema of the target database (your current EmpowerID database), compare it to the shipping version XML file provided, and then generate an XML file with the deltas between the two XML files. This Delta file will then be used to upgrade the schema of the target database.
Once the schema has been upgraded, a series of SQL scripts will be run against the target database to populate any missing default data records into the database that are necessary for the new functionality of the upgraded EmpowerID system.
The database upgrade should be performed from one of the tools servers that has the SQL Management Studio loaded. Within these instructions, “Target Database” will refer to the EmpowerID database that is being upgraded, and “Source Database” will refer to the new database reference database that was restored to the SQL server.
The process for upgrading the EmpowerID database differs depending on your current version of EmpowerID. If you are using a build that is prior to 142 you need to first follow the steps for upgrading the database to build 142 and then follow the steps for upgrading the database from build 142 to the latest version of EmpowerID. If you are upgrading from build 142 or newer, go directly to step two. |
The upgrade must be performed in a Development environment first. Please review Upgrading EmpowerID#Upgrade Best Practices before you continue. |
From the SQL Upgrade folder, run UI.exe as an administrator to start the schema upgrade process. This can be run on any server as long as it has connectivity to the SQL server that has the original EmpowerID database and the clean copy you are restoring. It doesn't need to be on the SQL server itself, but please download the Files in step 4 of the preparation on the same server you are running the Upgrade from).
If you have not run the prerequisites for the SQL upgrade utility then you might need to install SharedManagementObjects and SQLSysClrTypes located in the SQL Upgrade folder. |
Click OK when prompted to review differences between objects.
Run the following command to execute all the schema changes, stage data import and sync data into the database :
.\applyDbChanges.ps1 -conStr 'Connection string From EmpowerID Server' -filesPath '.\' -execSql $true -importTblData $true |
Once these steps are completed, perform an update statistics and then backup the upgraded database once more. You may now proceed to upgrading EmpowerID on the server.
For the EmpowerID Programs upgrade, you will go through the upgrade process on one of the web servers first, perform the workflow studio components updates, then go back and upgrade the remaining EmpowerID servers. The installation of the EmpowerID program will proceed normally through the standard installation process with one exception being related to the launching of the configurator. EmpowerID does not support the upgrade process in silent mode.
Launch the configurator in install mode by opening a command prompt and enter the following command, including the quotes:
“c:\Program Files\TheDotNetFactory\EmpowerID\Programs\ EmpowerID.Configurator.exe“ install |
This opens the configurator and pulls in the settings of the previous installation from the database. Review the settings and adjust any that need to be changed for this installation.
The settings on the Web Server, Web Applications, and Services panels will need to be re-selected in order to set the new web site and services configuration. You will also have to re-enter the service identity credentials. |
If you have made any customizations to EmpowerID interfaces, workflows, components and other items, you will need to address each of the below as applicable for your environment.
Search for and run the EmpowerID Configurator one more time. On the Miscellaneous tab press the green arrow to execute the minification bundler to re-minify the JavaScript that was added in the CDN scripts folder. Press OK at the success prompt and then close the configurator without saving.
Any customization that has been done to workflows, libraries and components in EmpowerID will need to be republished. To do so, you need to manually republish EID Components and perform a batch refactor and publishing of all customized objects. The below steps demonstrate how to do this.
The first item that will need to be republished is the EID Components class library. This class library contains the the critical extensions and dependencies that many of the other class libraries and workflow objects require to function.
In the Batch Build area, select the objects to be refactored and published.
When selecting objects to be refactored, do not select any Alert Event Receivers. These must be republished manually. This is demonstrated in step 7. |
In the message box that appears, click Yes. Workflow Studio will now begin recompiling and republishing items. Workflow Studio will restart multiple times as it progresses its way through the various publishing steps for each of them.
If there is an error during publishing of workflows, Workflow studio tries to republish the failed ones and keeps on restarting without any progress. If you observer such behavior, run the query: “Select * from BPMRefactorItem” and make a note of output rows. Then, delete the rows corresponding to the failed workflows from BPMrefactorItem table using the following query: “Delete BPMRefactorItem”. Let the EmpowerID team know about this. |
Once Workflow Studio has completed refactoring and republishing the bulk items, it will end with a dialog box that shows the completed items. At this point, go ahead and restart the workflow studio.
The final step is to manually republish the two Alert Event receivers. In Workflow Studio, open each of the event receivers (Account Lockout Alert Handler, Person Lockout Alert Handler) and press the compile and publish button, following the same process as you followed when compiling and publishing the EID Components class library. Once these are published, you may close Workflow Studio.
IAM implementations are among the most complex deployments that an organization can take on as they typically impact the most sensitive and integrated enterprise directories and applications within the technology infrastructure. The implementations require both EmpowerID and Customer resources with a wide array of expertise. Proper and thorough testing is key to a successful completion of IAM projects. In a typical upgrade, testing includes the following:
This is performed to validate proper functionality of the system after the upgrade. The specific areas of testing are:
This is performed to validate specific components, bug fixes and customizations and testing the system as a whole after the upgrade. It focuses on workflows that have been customized and implemented for the customer. The teams should use a risk-based approach focusing on lessons learned from prior upgrades (JIRA cases and patches delivered since last upgrade). As an example, a custom workflow is tested to ensure it executes without errors and that the data is valid after workflow execution. This testing is not meant to validate every single scenario in the requirements documents or prior statements of work. The responsibility of testing each detailed scenario must be covered as part of a detailed UAT test plan.
This testing is always performed by customer staff. This team should include end users of the system. The objective here is to conduct end-to-end testing of user stories and scenarios to ensure the system is fit-for-purpose. UAT should include a dedicated team of end-users for testing and providing feedback. This phase is the most common source for project delays. The UAT process should include reviewing prior statements of work, preparing detailed test cases covering all scenarios, assigning test cases, executing them and documenting results in an iterative manner. A typical UAT iteration looks like this:
The UAT phase typically takes 1-3 sprints (2-6 weeks) and could be longer depending on the complexity of the system. This is usually followed by a final hardening sprint (2 weeks) to complete regression testing and prepare the solution for production deployment. It should be understood that acceptance testing could go on indefinitely if not properly staffed and planned or if there is no proper classification of issues. Since it can become economically feasible to closure every issue, the issues are either deemed as “must-haves” or “deferred” for a future release.
The customer must communicate the timeframe for completing the UAT testing (needed for the Project Plan) and provide adequate time to EmpowerID for addressing “must-have” issues. EmpowerID will make efforts to address the prioritized issues as quickly as practical, since the UAT is the last stage prior to the sign-off from customer. The customer is expected to accept the solution after the “must-have” issues have been addressed.
EmpowerID supports the current and previous major version of the software. As an example, EmpowerID currently supports all 2019 and 2018 versions |
The technical support team provides ongoing support and guidance to customers using EmpowerID. Customers will also have access to all fixes, updates, fixes and patches. This is the customers first line of help for understanding and using EmpowerID. The process involves opening a ticket in JIRA, an online issue tracking system, and interacting with technical support personnel through JIRA (primarily), online GoToMeeting sessions and email/phone. Technical Support must be renewed annually for a fee. With Technical Support, the customer is in the driver’s seat and responsible for supporting all end users. The customer is expected to have a trained and certified help desk proficient in using available resources such as project documentation, training materials and product documentation which is located at https://docs.empowerID.com etc. to effectively support their end users. EmpowerID Technical Support team is available to customer help desk personnel to offer guidance on troubleshooting EmpowerID specific issues, reviewing logs and to answer advanced questions that go beyond the material covered in product training.
Professional services are meant for specific projects. Professional services picks up where Technical Support leaves off. This typically entails hands-on implementation and deployment activities such as software installation, system upgrades, configuration, systems integration, customizations (custom workflows, connectors, UI etc.), testing, personalized customer training and go-live support. Here, the customer defines the objectives and the Professional services team will design, deploy and test the solution to achieve the objectives. This is an excellent option for customers that are short on time and trained staff, and want to offload the work to EmpowerID. With Professional Services, EmpowerID is in the driver’s seat, and must be able to remotely access customer systems to install and upgrade the software, configure it, write scripts (or perform code review or modify your existing scripts), integrate with other systems, perform trouble-shooting etc. Professional Services is always accompanied by a statement of work which includes scope and cost information.
Below is an example of the labor associated with an EmpowerID upgrade. Upon request, EmpowerID professional services can provide an estimate for your system upgrade. Other than creating the DB upgrade scripts, you may choose to perform all parts of the upgrade process.
Task | Labor (man-days) |
---|---|
Planning | ~3 days |
EmpowerID DB Upgrade | ~3 days (EmpowerID must create and provide the DB scripts for the upgrade; this should not be done by the Customer) |
EmpowerID Server Upgrade (1 app server) | ~1 day |
Upgrading the Customizations | ~5 days (depends on complexity) |
Testing | ~10 days (depends on complexity) |
User Acceptance Testing | ~10 - 30 days (UAT is done by customer's UAT team) |
Go-live assistance | ~3 days |
Sub Total | ~25 days |
Project Management | ~5 days |
Total | ~30 days |
|