Sailpoint IdentityIQ Tomcat Upgrade

Sailpoint IdentityIQ Tomcat Upgrade (9.0.54) version

Upgrade Steps

1. Stop  tomcat services on each node
2. <copy the installer in tmp directory from local machine>
3. cd /tmp
4. cp apache-tomcat-9.0.54.zip /apps
5. cd /apps
6. unzip apache-tomcat-9.0.54.zip
7. rm -rf apache-tomcat-9.0.54.zip
8. chmod 777 -R apache-tomcat-9.0.54
9. mv tomcat bkp_apache-tomcat-8.5.34
10. mv apache-tomcat-9.0.54 tomcat
11. chmod 777 -R tomcat
12. cd /apps/bkp_apache-tomcat-8.5.34/bin
13. cp setenv.sh /apps/tomcat/bin
14. cd /apps/bkp_apache-tomcat-8.5.34/conf
15. cp tomcat-users.xml server.xml /apps/tomcat/conf
16. cp -R Catalina/ /apps/tomcat/conf
17. cd /apps/tomcat/conf
18. chmod 777 -R Catalina/

IIQ Application setup

1. cd /apps/tomcat/webapps
2. rm -rf examples docs
3. cd /apps/bkp_apache-tomcat-8.5.34/webapps
4. cp -R identityiq /apps/tomcat/webapps
5. cd /apps/tomcat/webapps
6. chmod 777 -R identityiq/

Repeat the all the above steps on each server.

Performance Tuning for Application Server Apache Tomcat for Sailpoint IdentityIQ

 Performance Tuning for Application  Server Apache Tomcat  for Sailpoint IdentityIQ

1. UI Server

Create a file with name setenv.sh inside /tomcat/bin Directory

# Begin settings to support SailPoint IdentityIQ application.

export CATALINA_OPTS="$CATALINA_OPTS -Xms512m"

export CATALINA_OPTS="$CATALINA_OPTS -Xmx4096m"

export CATALINA_OPTS="$CATALINA_OPTS -XX:MaxGCPauseMillis=200"

export CATALINA_OPTS="$CATALINA_OPTS -XX:+UseG1GC"

# Support time-out of LDAP pooled connections for 3 seconds to all LDAP servers.  

export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.timeout=3000"  

export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl'"  

export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.authentication='none simple DIGEST-MD5'"  

export CATALINA_OUT=/logs/tomcat/catalina.out

# -End- settings to support SailPoint IdentityIQ application.  

export JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyHost=<proxy server>"

export JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyPort=<port>"

export JAVA_OPTS="$JAVA_OPTS -Dhttp.nonProxyHosts=*.company.com\|abcd"

Comment the below line from tomcat/conf/server.xml file

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"  maxThreads="512"/>

Perform below steps for rewrite URL

Add line - <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" /> in server.xml

/apps/tomcat/conf/Catalina/localhost/rewrite.config 

RewriteCond %{HTTP_HOST}  ^abcd.*

RewriteRule ^/$ /identityiq

2. Task Server

Create a file with name setenv.sh inside /tomcat/bin Directory

# Begin settings to support SailPoint IdentityIQ application.

export CATALINA_OPTS="$CATALINA_OPTS -Xms1024m"

export CATALINA_OPTS="$CATALINA_OPTS -Xmx6144m"

export CATALINA_OPTS="$CATALINA_OPTS -XX:+UseParallelGC"

# Support time-out of LDAP pooled connections for 3 seconds to all LDAP servers.  

export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.timeout=3000"  

export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl'"  

export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.jndi.ldap.connect.pool.authentication='none simple DIGEST-MD5'"  

export CATALINA_OUT=/logs/tomcat/catalina.out

# -End- settings to support SailPoint IdentityIQ application.

export JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyHost=<proxy server>"

export JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyPort=<port>"

export JAVA_OPTS="$JAVA_OPTS -Dhttp.nonProxyHosts=*.company.com\|abcd"

3. All Server

Remove docs and examples directory from /apps/tomcat/webapps

Set tomcat/conf/tomcat-users.xml with proper username and password

Create Directory /logs/tomcat