As many ForgeRock customers will be aware, ForgeRock 13.x will reach end of life at the end of this year, with 5.5 following in April 2021 :-(
If this is daunting for you, or you are worried about budget / expertise then Midships can support your upgrade using our low cost accelerators for ForgeRock Access Manager (openAM) and Directory Services (openDJ) to reduce the complexity and therefore the overall risk, time and cost of the upgrade process.
It's also worth noting that by upgrading to the latest version you will be able to take advantage of some great new features including authentication trees as well as move to containerised services.
The remainder of this blog shows you how our upgrade accelerator works...
The ForgeRock upgrade tool is a combination of automated infrastructure tools and an intuitive UI that will upgrade your ForgeRock stack typically in less than one hour (and often less than 30 minutes) requiring minimal configuration such as hostnames, paths and keys.
The UI is divided in two tabs, one for upgrading the existing Directory Services servers and another one to upgrade the Access Manager instances.
For our blog, we are going to use the following FR deployment:
ForgeRock architecture is composed by two highly available openAM instances and two highly available openDJ directories with self-replication enabled that will serve as Configuration, Token and Identity store.
Note that the upgrade tool is fully scalable and is not restricted to a certain number of replicas for OpenAM or OpenDJ instances. Also note that the upgrade is also suitable for customers with dedicated DJ instances for token/config and identity stores.
We can verify that the OpenDJ instances are running the specified version (3.5.3) and that they are self-replicating data:
We can also verify the cluster configuration and OpenAM version on the deployed OpenAM instances:
The Upgrade...
We start by running our self contained upgrade accelerator and updating our tab for openDJ:
Once we configure the required parameters and select "Deploy to Pipeline" this will trigger the execution of a job in our pipeline that will manage the upgrade of the targeted servers.
When the pipeline job is finished, we can verify on the OpenDJ servers that they have been successfully upgraded to the latest DS version (6.5.3):
and IT'S DONE...
For openAM it is much the same, simply update our tab for open AM:
Once we configure the required parameters and select "Deploy to Pipeline" this will trigger the execution of a job in our pipeline that will manage the upgrade of the targeted servers.
When the pipeline job is finished, we can verify on the OpenAM servers that they have been successfully upgraded to the latest version (6.5.2):
and IT'S DONE...
With regard to any bespoke plugins, we can migrate those as part of the upgrade by just placing the relevant AM plugins (Jar files) into the /plugins folder in the AM upgrade accelerator source control. This will ensure that no bespoke feature is lost during the upgrade process.
Note that where the plugins use Java Code that has been deprecated these will need to be updated before you switch across.
To learn more about our upgrade accelerator or see a demo please contact us at folkert@midshios.io