Upgrading 4.1 or Earlier KeyControl Nodes

Starting with KeyControl version 4.2, you can use the KeyControl webGUI to upgrade all nodes in a multi-node cluster simultaneously, without needing to remove the other nodes from the cluster. For details, see Upgrading 4.2 or Later KeyControl Nodes with the KeyControl webGUI.

If your KeyControl nodes are running version 4.1 or earlier, or if you want to upgrade any KeyControl node by booting it directly from the HyTrust DataControl ISO file instead of using the webGUI, follow the procedures below.

Important:

The following sections describe the standard upgrade procedure for full version upgrades. However, you should always look at the HyTrust DataControl Release Notes for the version to which you want to upgrade to make sure there are no changes to the standard procedure.

Step	Description	Notes
1	Back up the KeyControl cluster.	See Backing Up the KeyControl Cluster.
2	Log into the KeyControl webGUI on one of the nodes in the cluster and remove the other nodes from the cluster until you have a single KeyControl node. The remaining node will be called the "First Node" in the following upgrade procedures.	See Removing KeyControl Nodes from a Cluster.
3	Upgrade the First Node.	If you are upgrading on Amazon Web Services (AWS), or if you want to use the KeyControl webGUI to do the upgrade, see Upgrading the First KeyControl Node Using the webGUI. If you want to upgrade from an ISO image, see Upgrading the First KeyControl Node Using the HyTrust ISO Image.
4	For each node you removed from the original cluster, you need to: Power off and remove (or rename) the old node from your hypervisor so that the IP address you used on the original node becomes available. Deploy the new version of KeyControl as a fresh appliance using the same IP address as the original node. Join the newly-deployed node with the upgraded First Node. This restores all of the previous configuration settings on the newly-deployed node.	Using the same IP address as the original node maintains the connections between your VMs and KeyControl. If you use a different IP address, you need to update the KeyControl IP address list on any VMs that are currently associated with the original node's IP address. You also have to update any KeyControl Mappings that include the original node IP address. For details on how VMs communicate with KeyControl, see Communication Between the VMs and KeyControl . You can deploy the software using an OVA template or install it using an ISO file. See KeyControl OVA Installation or KeyControl ISO Installation. After you install the software, join the node to the cluster using either Adding a New KeyControl Node to an Existing Cluster (OVA Install) or Adding a KeyControl Node to an Existing Cluster (ISO Install).
5	Upgrade the HyTrust DataControl Policy Agents installed on your encrypted servers.	See Upgrading the Policy Agent on Linux, Upgrading the Policy Agent on Windows, or Upgrading 4.1 or later Policy Agents with the KeyControl webGUI.