Upgrading the Policy Agent on Windows

Before You Begin 

• Make sure that you have upgraded your KeyControl nodes before you upgrade your Policy Agents. Registration will fail if the version of the Policy Agent is higher than that of the KeyControl node and your encrypted data may become unavailable.
• Make the upgrade path from your current version to the new version is supported. For details, see Policy Agent Upgrade Requirements.
• Make sure that any outstanding encryption or decryption operations are complete on the target system by checking the KeyControl webGUI Dashboard.

Procedure 

1. Log into the KeyControl webGUI using an account with Cloud Admin privileges.
2. Click Cloud.
3. Click Actions > Download Policy Agent.
4. Click the Download link associated with the file hcs-client-agent-rel.number-build.number.exe. KeyControl downloads the file to your browser's default download location.
5. Copy hcs-client-agent-rel.number-build.number.exe to the Windows system that you want to upgrade.
6. Log into the target system as an Administrator.

7. Navigate to the directory in which you placed the hcs-client-agent-rel.number-build.number.exe file and run the installer.

8. On the Welcome page of the HyTrust Setup Wizard, click Next.
9. On the License Agreement page, review the EULA (end user license agreement) and click I Agree.

10. In the Choose Components page, review the setting of the HT Bootloader option.

    If you want to encrypt the boot drive on this system now or in the future, make sure this option is selected.

    If you are certain that you will never need to encrypt the boot drive, you can clear this check box.

11. If the HT Bootloader option is not selected:
    1. Click Install.
    2. The installer displays a prompt that the system is going to be upgraded and will require a reboot. Click Yes to continue with the upgrade.
12. If the HT Bootloader option is selected:
    1. Click Next.
    2. On the Drive and Network Configuration page, select the drive letter and the network that the HyTrust Bootloader should use when connecting to KeyControl. By default, this dialog box shows the current DeviceID (a unique integer) and ConnectionID from WMI class Win32_NetworkAdapter for the selected network interface.
    3. When you are finished, click Install.
    4. If prompted, click Yes to remove any existing Bootloader partitions.
    5. The installer displays a prompt that the system is going to be upgraded and will require a reboot. Click Yes to continue with the upgrade.

    6. If this is the first time the HyTrust Bootloader has been installed on this VM, after the machine has finished booting, copy the id_rsa key file to another location in case you ever need to access the HyTrust Bootloader Debug Console using SSH. If you are upgrading an existing Bootloader installation, the id_rsa key file is not changed during the upgrade.