It can be beneficial, and safer, to test newer versions of Identity Management before upgrading production systems. There is a relatively simple way to do this by creating a sacrificial replica and testing on that system.
Set up a replica based on one of the production servers, with the same version of IdM as is running in production, as described in Chapter 4, Setting up IdM Replicas
. For this example, this is called Test Replica. Make sure that Test Replica can successfully connect to the production
server and domain.
After verifying that Test Replica has been successfully added to the production domain, disconnect Test Replica from the network.
Remove the replication agreements for Test Replica from the original IdM server and from Test Replica.
Reconnect Test Replica to the network.
Upgrade the packages on Test Replica using
yum or whatever package update tool is appropriate for your system. For example:
[root@ipareplica ~]# yum update ipa*
Test common things on Test Replica, like getting Kerberos credentials, opening the server UI, and running commands.