If your Workspace ONE Access virtual appliance cannot connect to the Internet for upgrade, you can perform an offline upgrade.

Two options are available for offline upgrade. You can set up an upgrade repository on a local Web server and configure the appliance to use the local Web server for upgrade. Or you can download the upgrade package to the Workspace ONE Access server and use the updateoffline.hzn script to upgrade.

Prerequisites for a Workspace ONE Access Offline Upgrade

Before you upgrade the 20.01 or 19.03 virtual appliance offline, perform these prerequisite tasks.

Important: Citrix, Horizon, Horizon Cloud, and ThinApp integrations are not available with the Workspace ONE Access 20.10 or 20.01 connectors.
  • To use ThinApp packaged applications, use VMware Identity Manager connector (Linux) version 2018.8.1.0.
  • To use other Virtual Apps, such as Horizon desktops and applications or Citrix published resources, use VMware Identity Manager connector (Windows) version
  • Take a snapshot of your virtual appliance to back it up. For information about how to take snapshots, see the vSphere documentation.
  • Verify that at least 10 GB of free disk space (/dev/sda) are available on the virtual appliance.
  • To ensure that Elasticsearch data is not deleted, prepare Elasticsearch for the upgrade.
    • Determine if multiple instances of Elasticsearch have ever run on any of the VMware Identity Manager service nodes and, if so, consolidate the data directories of the multiple instances.
      1. View the contents of the /db/elasticsearch/horizon/nodes directory.

        The goal is for one subdirectory named 0 to exist. If only the 0 subdirectory exists, you do not need to consolidate directories.

        If a second copy of Elasticsearch has run at any time, a second directory named 1 also exists. Continue with the steps to consolidate directories.

      2. If multiple Elasticsearch instances exist, stop Elasticsearch and verify all processes are stopped.

        For example, to stop Elasticsearch, run the following command.

        service elasticsearch stop

        For example, to verify all Elasticsearch processes are stopped, run the following command.

        ps -ef | grep elasticsearch

        If the grep command shows that additional Elasticsearch processes are running, kill those processes.

      3. To determine which directory within each node contains the data, search for the data in the indices directory of each node, such as the following directory: /db/elasticsearch/horizon/nodes/1/indices/.
      4. Remove the directory that does not contain the data and, if necessary, rename the remaining directory.

        If the 0 directory contains the data, remove the 1 directory.

        If the 1 directory contains the data, remove the 0 directory and rename the 1 directory 0.

      5. Restart Elasticsearch.
        service elasticsearch start
      6. Search the /opt/vmware/elasticsearch/logs/horizon.log for a message like the following:

        recovered xx indices into cluster_state

        The message indicates that the system can read the renamed data directory, where xx represents the number of directories, or indices, in the /db/elasticsearch/horizon/nodes/0/indices/ directory.

    • Remove sysconfig.cloneprep and sysconfig.iamaclone files from all cloned service nodes.
      For example, log into each service node and run the following commands as root.
      rm -f /usr/local/horizon/conf/flags/sysconfig.cloneprep
      rm -f /usr/local/horizon/conf/flags/sysconfig.iamaclone
  • To shut down the entire Elasticsearch cluster, run the service elasticsearch stop command on each node.

    Shutting down the entire Elasticsearch cluster allows the Elasticsearch version to upgrade while preventing mismatched versions from running.

  • If you revoked the db_owner role on the Microsoft SQL database, you must add it back before performing the upgrade, otherwise the upgrade fails.

    Add the db_owner role to the same user that was used during installation:

    1. Log in to the Microsoft SQL Server Management Studio as a user with sysadmin privileges.
    2. Connect to the database instance for VMware Identity Manager 19.03.
    3. Enter the following commands.

      If you are using Windows Authentication mode, use the following commands:

      USE <saasdb>;
      ALTER ROLE db_owner ADD MEMBER <domain\username>; GO 

      Make sure that you replace <saasdb> with your database name and <domain\username> with the relevant domain and username.

      If you are using SQL Server Authentication mode, use the following commands:
      USE <saasdb>;
      ALTER ROLE db_owner ADD MEMBER <loginusername>; GO 

      Make sure that you replace <saasdb> with your database name and <loginusername> with the relevant username.

  • Take a snapshot or backup of the external database.
  • Verify that VMware Identity Manager is properly configured.
  • Confirm that a Workspace ONE Access upgrade exists. Check the My VMware site at my.vmware.com for upgrades.
  • If you are upgrading using the updateoffline.hzn script and your deployment includes a proxy server, disable the proxy server.
    Disable the proxy server from the command line.
    1. Run the following command.

      The YaST2 Control Center dialog box opens.

    2. Select Network services.
    3. Select Proxy.

      The Proxy Configuration dialog box opens.

    4. If selected, deselect Enable proxy.
    5. Quit the YaST2 utility.

    After a successful upgrade, enable the proxy server again.

  • Ensure that following directory space requirements are met.
    Directory Minimum Available Space
    / 4 GB
    Directory where you download the dualbootupdate.tar.gz file, if applicable 2 GB
    Directory where you download the offline upgrade package, identity-manager- 2 GB
  • Download Photon Migration Support Tools from the Workspace ONE Access 20.10 download page on my.vmware.com and save the file to any directory in the service virtual appliance.

    Workspace ONE Access 20.10 switches from the SUSE Linux Enterprise Server (SLES) operating system to the VMware Photon™ operating system. The Photon Migration Support Tools download contains the dualbootupdate.tar.gz file, which includes the Photon operating system and its packages. The upgrade process uses the dualbootupdate.tar.gz file when migrating the operating system from SLES to Photon.