Back up existing Cognos data and encryption keys, if required.
Import data to the content store, if required.
Cognos 8 components require Java Runtime Environment (JRE) to operate. The current version provided with Cognos 8 is JRE 1.5.0. For more information about the supported JRE versions, see the Cognos Support Website (http://support.cognos.com).
Cognos Configuration and other Cognos 8 components use the JRE referenced by the JAVA_HOME environment variable. On Windows, if JAVA_HOME is not set, the JRE that is packaged with Cognos 8 components is used by default.
If you want to change your current JRE, some configuration changes are required. Changing may be appropriate in the following situations:
You want to use Cognos 8 components with an application server that requires a specific JRE version.
You already use a JRE version with other applications.
If you are using Cognos 8 components in an application server environment, follow the process in Configuring Cognos 8 for a Third-Party Application Server. The process includes steps for updating the Java environment.
Before you begin, ensure that Cognos 8 components are installed and that JRE you want to use is installed.
To change JRE versions, do the following:
| | Back up existing Cognos data and encryption keys, if required. |
| | |
| | Import data to the content store, if required. |
The tasks in this section are for a Cognos installation that uses Tomcat.
You must back up existing Cognos information if Cognos 8 components are running
on an application server (including Tomcat) and you are changing to an application server that ships with its own JVM.
with a JVM from one vendor and you are changing to another JVM vendor.
Note: You must back up existing Cognos information within the working environment prior to upgrade.
Before configuring Cognos 8 components to run on the new application server or JVM, you must back up
content store data by creating a deployment export.
configuration information by exporting it. Any encrypted data is decrypted during the export.
cryptographic keys by saving them to an alternate location. New cryptographic keys must be created using the same JVM that the application server uses. Because these keys can be created only if the previous keys are deleted, it is important to back up the previous keys.
To ensure the security and integrity of your Cognos data, back up the content store, configuration information, and cryptographic keys to a directory that is protected from unauthorized or inappropriate access.
Tip: To check if any cryptographic keys exist, look in the c8_location/configuration directory. Cryptographic keys exist if this directory includes the following subdirectories: csk, encryptkeypair or signkeypair.
If data exists in the content store, start the Cognos 8 service and export the entire content store using the Deployment tool.
For more information, see the topic about creating an export deployment specification in the Administration and Security Guide.
In Cognos Configuration, from the File menu, click Export As and save the configuration information in a decrypted format. When naming the file, use a name such as "decrypted.xml".
Export the data to a directory that is protected from unauthorized or inappropriate access because passwords are stored in plain text. You are prompted to acknowledge that the export is an unsecure operation.
Stop the Cognos 8 service:
If you use Tomcat, stop the Cognos 8 service and close Cognos Configuration.
If you use an application server other than Tomcat, shut down Cognos 8 in your environment.
Back up any existing cryptographic keys by saving the appropriate files and directories to an alternate location that is secure.
The files are
c8_location/configuration/cogstartup.xml
c8_location/configuration/caSerial
c8_location/configuration/cogconfig.prefs
c8_location/configuration/coglocale.xml
The directories are
c8_location/configuration/csk
c8_location/configuration/encryptkeypair
c8_location/configuration/signkeypair
Delete the caSerial and cogconfig.prefs files and the three directories: csk, encryptkeypair, and signkeypair.
Replace the c8_location/configuration/cogstartup.xml file with the file that contains the data exported from Cognos Configuration (for example, "decrypted.xml").
Important: In the c8_location/configuration directory, the file must use the name "cogstartup.xml".
The information in this file will be automatically re-encrypted using new cryptographic keys when you save the configuration in Cognos Configuration.
The Cognos security provider files must be located in the JVM environment for the new version of Java.
Cognos 8 cryptographic services use a specific .jar (Java Archive) file, named bcprov-jdknn-nnn.jar, that must be located in your Java Runtime Environment (JRE). This file provides additional encryption and decryption routines that are not supplied as part of a default JVM installation. To ensure security, the encryption file must be loaded by the JVM using the java extensions directory.
If you want to use your own JRE and have JAVA_HOME set to that location on Windows or if you are installing on UNIX, you may have to update the Java environment for the cryptographic services.
On Windows, you can set JAVA_HOME as a system variable or a user variable. If you set it as a system variable, it may be necessary to restart your computer for it to take effect. If you set it as a user variable, set it so that the environment in which Tomcat is running can access it.
If you do not have a JAVA_HOME variable already set on Windows or if JAVA_HOME points to a Java version that is not valid for Cognos 8, the JRE files provided with the installation will be used, and you do not have to update any files in your environment.
Ensure that the JAVA_HOME environment variable is set to the JRE location.
For example, to set JAVA_HOME to the JRE files provided with the installation, the path is c8_location/bin/jre/version.
Copy the bcprov-jdknn-nnn.jar file from the c8_location/bin/jre/version/lib/ext directory to the Java_location/lib/ext directory.
Start Cognos Configuration.
Save the configuration.
Cognos Configuration generates new keys and encrypts the data.
If you exported the content store before changing the JVM, import the deployment to restore and encrypt the data using the new encryption keys.
To import the content store data, start the Cognos 8 service and import the entire content store using the Deployment tool. For more information, see the topic about importing to a target environment in the Administration and Security Guide.
