Beginning September 6, 2022 the Identity Cloud databases that store user profile records will all be upgraded to a newer major version of PostgreSQL. This upgrade requires each database to be offline for 30-to-60 minutes. During that time, users won’t be able to login or register, and customers won’t be able to access user records by using Identity Cloud APIs.
Don’t confuse this operation with a minor version upgrade, an upgrade that typically requires about 60 seconds of downtime. This is a major version upgrade that, again, requires 30-to-60 minutes of downtime.
Every 3-to-4 years, databases within the Identity Cloud need to undergo a major upgrade in order to remain on supported versions of PostgreSQL. This year, Amazon Web Services (AWS) requires outdated PostgreSQL versions to be upgraded by November 11, 2022. If the databases aren’t upgraded prior to that cutoff date, AWS will automatically upgrade each database sometime after November 11th.
Performing this upgrade enables the databases to remain on current versions of PostgreSQL for another 3-to-4 years.
Given the November 11, 2022 hard date, Akamai prefers to perform these upgrades during times of relatively low customer activity. Typically these low activity times occur right before the end of summer, and before customers start preparing for their fall and winter campaigns.
In our testing, each database typically takes about 20 minutes to upgrade. However, experience shows that a few of the upgrades might take longer. Because of that, customers should expect a downtime window of 30-to-60 minutes. During this downtime, the database will be offline. That prevents the following activities:
- API access to records
Users who are already logged in are typically unaffected when the database goes offline. The users most likely to be affected are those trying to log on after the database has gone offline, or users trying to create a new account. Logins and registration will be allowed as soon as the database comes back online.
Note that the actual upgrade is carried out by AWS but is initiated by Akamai.
Akamai performs upgrades during region-specific low traffic times. The upgrades take place over the course of several days, which enables Akamai to target specific regions at specific times, and to learn from each region along the way.
The following chart illustrates the project timeline:
Start time (UTC)
End time (UTC)
September 6, 2022
September 7, 2022
September 8, 2022
September 12, 2022
September 13, 2022
What’s the user experience during the database maintenance window? Is the login page presented to the user or do they receive an error message?
A: Because only the user profile database is unreachable during the upgrade process, the rest of the Identity Cloud platform should remain up and running. This means that users are still presented with a screen for login or registration. However, any attempt to login or to register while the database is offline fails.
Is there a specific set of HTTP response codes returned from the Identity Cloud API’s during the maintenance window? For example, what would happen if a call is made to the /entity.delete operation during the maintenance window?
For the most part, the services in front of the database being upgraded return 5xx error codes. This varies depending on the portion of the platform making the request:
- API requests typically return either a 5xx or (sometimes) a 4xx error depending on the call.
What response will users receive when calling the /entity.count operation during the maintenance window?
If the entity.count API is called while the database is offline, the response will be a 5xx error code.
How much time do you expect the Identity Cloud service to be down during the maintenance window? What's the recovery time in case of a failed upgrade?
The maintenance window will be 3 hours for most regions, which includes a 30-to-60 minute period when the Identity Cloud databases are unavailable. That 3 hour estimate includes recovery time if a rollback is required.
What happens to active users when the maintenance window begins? Will the active session be disconnected and the users need to re-login?
Users who are logged in and who already have a session will remain logged in and continue to have access. They shouldn’t need to reauthenticate.
Wouldn’t it be better to do these upgrades on a weekend? The timeline shows all the upgrades happening on a weekday.
As a general rule, Akamai discourages carrying out operations like this outside of standard Akamai working hours. If we attempted to carry out the upgrades on a Saturday or Sunday, fewer Akamai support personnel would be available if something went wrong. Doing the upgrade on a weekday ensures that a full complement of Akamai support staff will be available to deal with any problems that might arise.
Updated 3 days ago