PhenixID

PSD1080 – Upgrade from PhenixID Server 1.x to 2.0

Environment

PhenixID Server 1.x

Situation

PhenixID Server 1.x is installed.

Version 2.0 should now be installed and configured.

The scenario here is not an actual upgrade but a new installation followed by a transfer of configuration.

A new installation will be made, either on a new server or on the same server. If the same server is used, please be aware that this will cause service downtime during installation and configuration.

Another option when using the same server is to temporarily use different ports for the new installation. These ports can then be changed back to the defaults when installation and configuration are done and version 2.0 takes over from the earlier version. Please be aware that this option can take a bit longer.

When the installation of 2.0 is done, the Scenarios in PhenixID Server will be used to set the basic configuration. After that, specific configuration from the earlier installation will be transferred.

Remember to have a full backup of the earlier installation.

Prerequisites and information needed

Prerequisite

Please see server requirements here:
Server requirements

Information needed for new installation/configuration

  • Operating System for PhenixID Server installation
  • A new license system has been introduced for version 2.0, so a new license file (.p12) is needed
  • Ports in use
    • Port for administrative GUI
    • Port for Self Service, if used
    • Port for OTP Admin, if used
    • Port used by RADIUS
    • Ports used by Hazelcast cluster, if used
  • Which types of Scenarios have been configured, e.g. RADIUS, OTPAdmin, Self Service
  • Which type of LDAP store is used, including address, port and service account
  • Encryption key/Passwords/Shared Secrets
    • Encryption key used in earlier installation (used to transfer tokens)
    • Password for LDAP service account
    • Credentials for PhenixID Message Gateway
    • RADIUS Secret(s)
    • Password used for *.p12
  • Which delivery methods are in use, e.g. SMS, SMTP
  • Are any third-party SMS gateways configured
  • Are tokens being used
  • Standalone or cluster
  • Is there a proxy in place for internet access
  • Has the PhenixID default certificate been replaced
  • Have any certificates been added to the Java trust store, cacerts
  • Have any changes been made to the text in template files, like SMS or SMTP (meaning the text that is sent to users with the OTP)
  • To prepare for the new version, note that the following files contain important information (remember that some of these contain passwords, although encrypted):
    • /bin/start-PhenixID.sh (Linux)
    • /bin/*.vmoptions (Windows)
    • /classes/cluster.xml
    • /conf/log4j.xml
    • /conf/boot.json
    • /conf/phenix-store.json
    • /conf/phenix-tokens.json
    • /resources/*.xml and/or *.p12
    • Any template files where text has been changed
  • If any customization has been done to the web pages, please follow new documentation for version 2.x, found here:
    Self Service
  • To verify communication and credentials use PhenixID Testtool found here:
    Testtool
    Copy the files into <PhenixIDServerinstallationdirectory>/bin and start with testtool.sh/bat.

Installation and transfer of configuration

Please note that if the installation is being done on the same server as the earlier version, the ports for the new installation must be different. They can be changed back afterwards.

  1. Start by following these instructions to install PhenixID Server version 2.x:
    Installation 2.0
  2. Copy the encryption key from the earlier installation (boot.json) to the new one. Make sure that you set it for com.phenixidentity~phenix-store-json (NOT store-mpl).
  3. If this is a parallel installation, remember to change the ports before starting the service. If not set during installation, change the default port for the administrative GUI in /config/boot.json and the port for the database in /config/orientdb-server-config.xml. The port change for OrientDB must also be set in boot.json using the parameter:
    "db_url": "remote:127.0.0.1:2425"
    This parameter is set on the module, like this:
    {
      "name": "com.phenixidentity~phenix-store-mpl",
      "config": {
        "password": "TUCB88bU2HwgXygO2PWuP",
        "encryption.key": "1234",
        "export_start": "01:00",
        "export_interval": "24H",
        "export_generations": "3",
        "db_url": "remote:127.0.0.1:2425"
      }
    }
  4. Configure proxy settings, if in use
  5. Start the PhenixID Server (On Windows make sure to use phenixidserver.exe, NOT the service)
  6. Login to PhenixID Configuration Manager on the following URL:
    https://<hostname_or_ip>:8443/config/
  7. Configure the Scenarios needed for your environment
  8. Use /bin/testtool to verify the configuration
  9. Now transfer any manual settings from earlier installation (made in phenix-store.json)
  10. Use /bin/testtool to verify the configuration
  11. Add any remaining configuration from the earlier installation, such as certificates, log settings or changes to default texts in template files.
  12. If the ports have been temporarily changed, set them back now
  13. NOTE! If tokens have been used in the earlier installation, place phenix-tokens.json from your previous installation in /config and add the following parameters:
    "migrate_tokens" and "decryption.key"
    to /config/boot.json in the section "name": "com.phenixidentity~phenix-store-mpl"
    to migrate the tokens from the earlier phenix-tokens.json into the new database.
    The section should now look like this:
    {
      "name": "com.phenixidentity~phenix-store-mpl",
      "config": {
        "password": "mplpassword",
        "encryption.key": "mplencrypt",
        "migrate_tokens": "true",
        "decryption.key": "YOUR encryption.key"
      }
    }
  14. Stop the earlier service and start the new version. For a parallel installation, make sure to revert the changes that have been made to the ports. If a new server with a new IP is used, make sure to make the necessary changes on the systems protected by PhenixID Server.
  15. After complete startup, remove the parameters set for migration of tokens in step 13.
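
A check for steps 13 and 15, as an added example that is not part of the original article or of PhenixID's tooling: it scans a boot.json for migration parameters left behind after the token migration and for sample values from this article that are still in use. The top-level "modules" wrapper in the constructed sample is an assumption; the scan finds any object with "name" and "config" regardless of nesting.

```python
import json

MPL = "com.phenixidentity~phenix-store-mpl"
MIGRATION_KEYS = ("migrate_tokens", "decryption.key")
# Sample values printed in this article; none of them belongs in a live config.
DOC_SAMPLES = {"1234", "mplpassword", "mplencrypt", "YOUR encryption.key",
               "TUCB88bU2HwgXygO2PWuP"}


def find_modules(node):
    """Yield every object that has both "name" and "config", at any depth."""
    if isinstance(node, dict):
        if isinstance(node.get("name"), str) and isinstance(node.get("config"), dict):
            yield node
        for value in node.values():
            yield from find_modules(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_modules(item)


def audit_boot_json(text):
    """Return a sorted list of findings for a boot.json document given as text."""
    findings = set()
    for module in find_modules(json.loads(text)):
        name, config = module["name"], module["config"]
        if name == MPL:
            for key in MIGRATION_KEYS:
                if key in config:
                    findings.add(f"{name}: '{key}' still present (remove after migration, step 15)")
        for key, value in config.items():
            # Report the key only, never the value, so secrets stay out of the output.
            if isinstance(value, str) and value in DOC_SAMPLES:
                findings.add(f"{name}: '{key}' uses a sample value from the documentation")
    return sorted(findings)


# Constructed sample: the state right after step 13, values copied from the article.
SAMPLE = """
{"modules": [
  {"name": "com.phenixidentity~phenix-store-mpl",
   "config": {"password": "mplpassword", "encryption.key": "mplencrypt",
              "migrate_tokens": "true", "decryption.key": "YOUR encryption.key"}}
]}
"""

if __name__ == "__main__":
    for line in audit_boot_json(SAMPLE):
        print(line)
```

Run it against a copy of /config/boot.json after step 15; an empty result means neither migration parameter remains and no value matches the article's samples.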

DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
