Before upgrading
Before starting to upgrade the product, verify that your network has the minimum required supported versions of the operating system, product, and database.
Supported operating systems
To obtain an updated list of the supported operating systems, see Supported Operating Systems.
For a complete list of system requirements (disk spaces, temporary spaces and RAM usage), see HCL Workload Automation Detailed System Requirements.
Supported databases
For an up-to-date list of supported databases, see Supported Software.
Product level prerequisites for master domain manager and its backup, dynamic domain manager and its backup, and agents
Before you start the upgrade, verify that your environment has the required product level prerequisites. For a complete list of product level prerequisites, see HCL Workload Automation Detailed System Requirements.User authorization requirements
UNIX™ and Linux™ operating systems- root access
Windows™ operating system-
If you set the Windows User Account Control (UAC), your login account must be a member of the Windows™ Administrators group or domain administrators group with the right Act as Part of the Operating System.
You must run the installation as administrator.
SSL mode configuration
- the SSL Encryption Cipher parameter is set to TLSv1.2
- If the SSL Encryption Cipher parameter is not used, but one of
the following parameters is used:
- ssl tls12 cipher
- ssl tls11 cipher
- ssl tls10 cipher
Upgrading to 10.1 Fix Pack 1 or later using custom certificates
In 10.1 FP1 version, the JWT feature has been introduced. Performing an upgrade of the master domain manager to 10.1 FP1 from any previous version, can potentially cause problems with JWT functionality if the master domain manager is using custom certificates with a custom label.
<!-- Starting JWT Token configuration -->
<!-- JWT configuration for DA -->The new elements listed above identify the certificate using the server label, instead of the custom label defined in the keyName properties. This prevents WebSphere Application Server Liberty Base from signing new JWTs.
- Update the <jwtBuilder> elements by modifying the keyAlias property to the correct value.
- To verify the signature of a JWT received in a connection from another entity, WebSphere Application Server Liberty Base retrieves the public
information associated to the certificate from the
<WA_DATA>/usr/servers/engineServer/resources/security/TWSServerTrustFile.jks
file. You can find the public information in the keyName=”${mp.jwt.trust.key}”
property within the <mpJwt> elements. These elements use a
variable which is declared within the new jwt_variables.xml file
that is created in the overrides folder after the
upgrade:
<server description=”jwt_variables”> <variable name=”mp.jwt.trust.key” value=”twstrustkey”/> </server> - Also, add the public information only of the custom certificate in the TWSServerTrustFile.jks file, under that alias (overwriting the already existing one).
- Alternatively, it is possible to add it as a new entry with a new label, but the jwt_variables.xml file should be updated accordingly. For more information, see Enabling API Key authentication after upgrading.
- The agent must have the public information associated to the certificate used by the master domain manager when creating a new JWT. The reason for this is that also the agent needs to verify the signature of a JWT received from the master domain manager. Therefore, it is required to also add the public information only of the custom certificate of the master domain manager (the file that was added in the TWSServerTrustFile.jks file on the master domain manager) in the TWSClientKeyStore.kdb file of the agent.
Downloading installation images
Before starting to upgrade, download the installation images. For further information, see Downloading installation images on your workstation