You upgrade to VMware Identity Manager version 3.3.7 directly from VMware Identity Manager 3.3.6. Before you upgrade the VMware Identity Manager virtual appliance online, perform these prerequisite tasks.

• To capture the entire state of the virtual appliance before you update, take a snapshot of your virtual appliance.

  For information about how to take snapshots, see the vSphere Virtual Machine Administration guide.

• Before you upgrade from 3.3.6 to 3.3.7, verify the health of the Elasticsearch service in 3.3.6. Go to the System Diagnostic Dashboard in the VMware Identity Manager console and review the Integrated Components section. Confirm that the values for the Elasticsearch items are green. If the state displays as red, fix the Elasticsearch issues before upgrading. See the Troubleshooting Elasticsearch Cluster Health: VMware Workspace ONE Access Operational Tutorial guide.

  When you upgrade to VMware Identity Manager 3.3.7, Elasticsearch is migrated to OpenSearch version 1.3.5 which is embedded in the Workspace ONE appliance for auditing, reports, and directory sync logs. During the migration all closed indices, search indices (which will be rebuilt) and Elasticsearch version 5.6.15 audit indices containing multiple document types, which are not supported in OpenSearch, are deleted.

• When you use an external Microsoft SQL database, if you revoked the db_owner role on the Microsoft SQL database, as described in the 3.3 version of the Installing and Configuring VMware Identity Manager for Linux guide, you must add it back before performing the upgrade, otherwise upgrade fails.

  Add the db_owner role to the same user that was used during installation:

  1. Log in to the Microsoft SQL Server Management Studio as a user with sysadmin privileges.
  2. Connect to the database instance for VMware Identity Manager.
  3. Enter the following commands.

     If you are using Windows Authentication mode, use the following commands:

     USE <saasdb>;
     ALTER ROLE db_owner ADD MEMBER <domain\username>; GO 
     						  

     Make sure that you replace <saasdb> with your database name and <domain\username> with the relevant domain and user name.

     If you are using SQL Server Authentication mode, use the following commands:

     USE <saasdb>;
     ALTER ROLE db_owner ADD MEMBER <loginusername>; GO 
     						  

     Make sure that you replace <saasdb> with your database name and <loginusername> with the relevant user name.

• Take the appropriate snapshots.
  • Take a snapshot of each VMware Identity Manager appliance in your deployment.
  • If you are using an external Microsoft SQL database, take a snapshot or backup of the external database.
• Verify that the virtual appliance can resolve and reach vapp-updates.vmware.com on ports 80 and 443 over HTTP.
• If an HTTP proxy server is required for outbound HTTP access, configure the proxy server settings for the virtual appliance. See Configure Proxy Server Settings for the VMware Identity Manager Appliance.
• Confirm that SSL certificates requirements are met.

  If you are using VMware Identity Manager with VMware vRealize Automation 8.4, configure SSL certificates following the instructions in Enable Tenant-In-Host Name Multi-Tenancy with vRealize Automation 8.x.

• Directory Space Requirements for upgrading from 3.3.3, 3.3.4, or 3.3.5 to 3.3.6 is 4 GB. Ensure that the directory space requirements for an online upgrade are met.
• If you are upgrading from VMware Identity Manager 3.3.2, you must first perform an offline upgrade from 3.3.2 to 3.3.5; upgrade from 3.3.5 to 3.3.6, and then upgrade from 3.3.6 to 3.3.7. For the 3.3.2 to 3.3.5 upgrade, you must download the VMware Identity Manager Service Virtual Appliance Dual Boot Update from the VMware Identity Manager 3.3.5 product download page on my.vmware.com and save the file to any directory in the VMware Identity Manager virtual appliance.

  For more information about upgrading from version 3.3.2 to 3.3.5, see Upgrading to VMware Identity Manager 3.3.5 (Linux).