Upgrade the nodes in your VMware Identity Manager cluster one at a time. Expect some downtime during upgrade and plan the timing of your upgrade accordingly.

Important: When VMware Identity Manager is deployed with vRealize Suite Lifecycle Manager, the best practice is to perform all lifecycle operations, including a VMware Identity Manager upgrade, using vRealize Suite Lifecycle Manager. See the vRealize Suite Lifecycle Manager 8.4 Installation, Upgrade, and Management guide, specifically the Upgrade VMware Identity Manager topic.

Offline upgrades without Lifecycle Manager are supported only for single node deployments, not for cluster deployments.

The way load balancing is implemented in your VMware Identity Manager deployment can vary, which affects the procedures you perform.

Note: For the purposes of load balancing, consider references in the documentation that follow to VMware Workspace ONE Access and VMware Identity Manager to be interchangeable.

For general load-balancing information, see the 3.3 version of the Installing and Configuring VMware Identity Manager for Linux guide, such as the Using a Load Balancer or Reverse Proxy to Enable External Access to VMware Identity Manager topic.

For load-balancing information specific to VMware NSX-T™ or VMware NSX® for vSphere®, see the corresponding VMware Validated Design™ documentation that follows for guidance.

Prerequisites

Ensure the cluster requirements are met. See Certificate Requirements for Cluster

Procedure

  1. Take snapshots of the database and the VMware Identity Manager nodes.
  2. Remove the appropriate nodes from the load balancer, depending on the database type.
    • Internal PostgreSQL Database. Remove replica nodes from the load balancer while keeping the database master node intact.
    • Microsoft SQL Database. Remove all nodes except one from the load balancer.
  3. If you are upgrading with VMware vRealize Suite Lifecycle Manager, disable the health monitors on the load balancer.
  4. Upgrade the node that is still connected to the load balancer.
    Follow the process for an online or offline upgrade, as described in Upgrading VMware Identity Manager Online or Upgrading VMware Identity Manager Offline.
    Important: Expect some downtime during the upgrade process.
  5. After the node is upgraded, leave it connected to the load balancer.
    The connection ensures that the VMware Identity Manager service is available while you upgrade the other nodes.
  6. Upgrade the other nodes one at a time.
  7. After all the nodes are upgraded, add them back to the load balancer.
  8. After you upgrade all the nodes in your VMware Identity Manager deployment, use the diagnostics dashboard to monitor system information health.
    1. Log in to the VMware Identity Manager console.
    2. Select Dashboard > System Diagnostics Dashboard.
    3. If your deployment consists of more than one VMware Identity Manager appliance, select the appliance you want to monitor.
    4. Check the status of the various services.
      For example, to check the health of the Elasticsearch service, review the Integrated Components section and confirm that the values for the Elasticsearch items are as expected. Therefore, the value for Elasticsearch - Health is Green, the information about the cluster nodes is accurate, and so on.