KeyControl Upgrade Requirements

  • If your KeyControl nodes are running version 4.2 or later, you can upgrade the entire cluster from any node in the cluster using the KeyControl webGUI. KeyControl automatically applies the upgrade to all nodes in the cluster sequentially so that the KeyControl cluster remains available for key requests from the registered VMs throughout the entire upgrade process. For details, see Upgrading 4.2 or Later KeyControl Nodes with the KeyControl webGUI.
  • If your KeyControl nodes are running version 4.1 or earlier, or if you want to upgrade your KeyControl nodes by booting them directly from the HyTrust DataControl ISO image, you must dismantle the cluster before you can perform the upgrade. For details, see Upgrading 4.1 or Earlier KeyControl Nodes.

  • You can only upgrade between successive versions. Supported upgrade paths are:

    Initial Release    Available Upgrade Paths
    ---------------    -----------------------
    2.6                2.7.1
    2.7                2.7.1
    2.7.x              3.0, 3.0.1
    3.0                3.0.1
    3.0.x              3.1, 3.1.1, 3.1.2
    3.1                3.1.1
    3.1.x              3.1.2, 3.2, 3.2.1
    3.2                3.2.1
    3.2.x              3.3
    3.3                3.4
    3.4                4.0
    4.0                4.1
    4.1                4.2, 4.2.1
    4.2                4.2.1, 4.3, 4.3.1
    4.2.1              4.3, 4.3.1
    4.3                4.3.1

    For example, if you want to upgrade from version 3.3 to version 4.3.1, you must use the upgrade path 3.3 > 3.4 > 4.0 > 4.1 > 4.2.1 > 4.3.1. You cannot go directly from 3.3 to 4.3.1.

    Note: You cannot upgrade Microsoft Azure KeyControl nodes from version 3.4 to any 4.x version. Instead, to move from version 3.4 to version 4.x on Azure, you must do a fresh install of KeyControl version 4.x and then reconfigure your KeyControl cluster from scratch.

    Running Older Versions of the HyTrust DataControl Policy Agent with Upgraded KeyControl Nodes

    We recommend that you upgrade the Policy Agents running on the VMs registered with KeyControl when you upgrade the KeyControl software, but it is not required. While all your KeyControl nodes must be running the same version of the software, older versions of the Policy Agent can still talk to newer versions of KeyControl.

    Starting in release 4.2, however, KeyControl nodes communicate using Transport Layer Security (TLS) protocol version 1.2 by default. This means that KeyControl nodes running version 4.2 or later cannot communicate with any Policy Agents running version 3.4 or older. If you have Policy Agents running an older version of the software that you do not intend to upgrade, you need to change the KeyControl SSL configuration to use TLS version 1.0. For details, see Configuring SSL Settings.
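
The upgrade-path table and the TLS note above, written as a pre-upgrade planning check (an added example, not HyTrust code). It assumes a `.x` row covers patch releases such as 2.7.1 but not the bare 2.7, and that "3.4 or older" is judged on major.minor; the function names are hypothetical.

```python
from collections import deque

# Upgrade table transcribed from this page: initial release -> available targets.
PATHS = {
    "2.6": ["2.7.1"], "2.7": ["2.7.1"], "2.7.x": ["3.0", "3.0.1"],
    "3.0": ["3.0.1"], "3.0.x": ["3.1", "3.1.1", "3.1.2"],
    "3.1": ["3.1.1"], "3.1.x": ["3.1.2", "3.2", "3.2.1"],
    "3.2": ["3.2.1"], "3.2.x": ["3.3"], "3.3": ["3.4"], "3.4": ["4.0"],
    "4.0": ["4.1"], "4.1": ["4.2", "4.2.1"],
    "4.2": ["4.2.1", "4.3", "4.3.1"], "4.2.1": ["4.3", "4.3.1"],
    "4.3": ["4.3.1"],
}

def key(version):
    """'4.2.1' -> (4, 2, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def targets(version):
    """Allowed next hops, newest first. Assumption: an 'N.N.x' row applies to
    patch releases (2.7.1) that have no exact row, not to the bare 'N.N'."""
    rows = PATHS.get(version)
    if rows is None and version.count(".") == 2:
        rows = PATHS.get(version.rsplit(".", 1)[0] + ".x")
    newer = [t for t in rows or [] if key(t) > key(version)]
    return sorted(newer, key=key, reverse=True)

def plan(start, goal, azure=False):
    """Breadth-first search for the shortest chain of supported upgrades."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == goal:
            return path
        for nxt in targets(path[-1]):
            if azure and path[-1] == "3.4" and nxt.startswith("4."):
                continue  # page note: Azure 3.4 -> 4.x needs a fresh install
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # no supported path

def agents_cut_off(keycontrol, agents):
    """Policy Agents that lose contact with KeyControl 4.2+ on default TLS 1.2.
    Assumption: '3.4 or older' is judged on major.minor, so 3.4.x counts."""
    if key(keycontrol) < (4, 2):
        return []
    return [a for a in agents if key(a)[:2] <= (3, 4)]

if __name__ == "__main__":
    print(plan("3.3", "4.3.1"))
    print(agents_cut_off("4.3.1", ["3.4", "4.1", "4.3.1"]))
```

Running `agents_cut_off` against an agent inventory before the 4.2 hop shows which VMs need a Policy Agent upgrade first, so the TLS 1.0 fallback is only configured when an agent really cannot be upgraded.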