This is the first of two blogs that will walk you through the process to upgrade VMware Identity Manager™ (Workspace ONE® Access™) standalone version 3.3.6 to 3.3.7.
VMware Identity Manager (Workspace ONE Access) 3.3.7 is a minor release that includes updates for open-source software and third-party dependencies and includes a fix for VMSA-2022-0032.
Upgrading to VMware Identity Manager (Workspace ONE Access) 3.3.7
The following upgrade paths are supported:
- From version 3.3.6, you upgrade directly to version 3.3.7
- From version 3.3.3, 3.3.4, and 3.3.5, you must upgrade directly to version 3.3.6 before upgrading to 3.3.7
- From version 3.3.2, you must first upgrade to version 3.3.5, then upgrade from 3.3.5 to 3.3.6 and then to 3.3.7.
Notes:
- To access the Appliance Settings page in the VMware Identity Manager console, make sure that you are assigned the Operator role for the default tenant.
- To configure the SMTP settings, you must be logged in as an operator user of the default tenant from system domain, not as the admin tenant.
- Tenant admins of non-default tenants are not authorized to configure SMTP settings.
- Migrate VMware vRealize Automation (VMware Aria Automation™) 7.5 or 7.6 Business Groups to vRealize (VMware Aria Automation) Version 8.4.
VMware products that can upgrade to VMware Identity Manager (Workspace ONE Access) 3.3.7
vRealize (VMware Aria) Products such as VMware vRealize Automation™ (VMware Aria Automation), VMware vRealize Suite Lifecycle Manager (VMware Aria Suite Lifecycle™), VMware vRealize® Operations™ (VMware Aria Operations™), VMware vRealize® Business™ for Cloud, VMware vRealize® Log Insight (VMware Aria Operations™ for Logs), and VMware vRealize® Network Insight™ (VMware Aria Operations™ for Networks) for authentication and SSO can upgrade to VMware Identity Manager (Workspace ONE Access) 3.3.7.
vRealize (VMware Aria) products that are deployed and managed through vRealize Suite Lifecycle Manager (VMware Aria Suite Lifecycle) can consume VMware Identity Manager (Workspace ONE Access) versions 3.3.2 to 3.3.7. vRealize Suite Lifecycle Manager (VMware Aria Suite Lifecycle) can also now handle a brand-new installation of VMware Identity Manager (Workspace ONE Access) 3.3.7 or an upgrade to 3.3.7 from VMware Identity Manager (Workspace ONE Access) 3.3.6.
Note: When you upgrade to VMware Identity Manager (Workspace ONE Access) 3.3.7, Elasticsearch is migrated to OpenSearch version 1.3.5 which is embedded in the Workspace ONE appliance for auditing, reports, and directory sync logs. During the migration all closed indices, search indices (which will be rebuilt) and Elasticsearch version 5.6.15 audit indices containing multiple document types, which are not supported in OpenSearch, are deleted.
Refer to the Upgrade Guide for more information.
Upgrade VMware Identity Manager (Workspace ONE Access) standalone version 3.3.6 to 3.3.7
In this how-to, we are upgrading VMware Identity Manager standalone version 3.3.6 to 3.3.7.
1. Download the VMware Identity Manager upgrade file from the customer connect site. Select file name “identity-manager-3.3.7.0-21173100-updaterepo.zip”.
2. Upload the offline file to VMware Identity Manager appliance path /var/tmp directory.
3. SSH into VMware Identity Manager appliance to ensure that the offline file is already there in the /var/tmp directory.
4. Take the snapshot before upgrading.
5. Check the status of the VMware Identity Manager system diagnostics page.
- Enter the URL <example.com>/SAAS/admin into the VMware Identity Manager admin console.
- In the Access admin dashboard, navigate to Dashboard > System Diagnostics Dashboard to check there are no system problems.
6. Check that the directory space on / (root) partition has at least 4 GB for upgrading.
7. Run the updateoffline.hzn script as the root user and reboot after you upgrade.
/usr/local/horizon/update/updateoffline.hzn [-r] -f upgradeFilePath
Follow the command and then press “enter”.
/usr/local/horizon/update/updateoffline.hzn -f /var/tmp/identity-manager-3.3.7.0-21173100-updaterepo.zip
The process upgrade will be displayed below.
8. Continue by typing “y”.
9. After the status update is complete, the VMware Identity Manager appliance must be rebooted.
10. After upgrade completed, Login to VMware Identity Manager admin console to check the status of the VMware Identity Manager system diagnostics page.
- Enter the URL <example.com>/SAAS/admin into the VMware Identity Manager admin console.
- In the Access admin dashboard, navigate to Dashboard > System Diagnostics Dashboard to check there are no system problems.
Technical advice and recommendations
VMware Identity Manager (Workspace ONE Access) handles many things, including risk-based conditional access, single sign-on, the unified app and resource catalog, automation based on device or user compliance state changes, the connector for VMware cloud services that power things like the VMware Workspace ONE Intelligent Hub and VMware Workspace ONE Intelligence, and integrations with other components like Trust Network, VMware NSX™, and VMware SD-WAN™.
Upgrading VMware Identity Manager (Workspace ONE Access) will help lower security risks and new features and functions will include the end of general support.
As always, reach out to your Technical Adoption Manager if you need assistance and stay tuned for part two of this how-to series. If you don’t have a Technical Adoption Manager assisting you, contact your VMware Sales Representative to learn more about VMware Technical Adoption Management Services™.
