Upgrading the First KeyControl Node Using the webGUI

The following procedure applies to KeyControl nodes running version 4.1.x or earlier. If your KeyControl nodes are running version 4.2 or later, see Upgrading 4.2 or Later KeyControl Nodes with the KeyControl webGUI.

Before You Begin 

Make sure you have removed any additional KeyControl nodes from the cluster before you upgrade the node as described in Removing KeyControl Nodes from a Cluster. You cannot upload the ISO file if there are other nodes in the cluster.

Procedure 

1. Log into the KeyControl webGUI on any node in the cluster using an account with Domain and Security Admin privileges.

2. In the top menu bar, click Settings.
3. In the System Settings section, click System Upgrade.
4. Click Browse, navigate to the HyTrust ISO installation file, and click Open.

5. Click Upload File.

   If the Upload File button is not active, make sure that you have selected an ISO file and that you have removed all of the other nodes from the cluster. You cannot upload the ISO file if there are multiple nodes in the cluster.

6. When the upgrade finishes, the KeyControl webGUI displays the Upgrade Success dialog box showing the status of the upgrade. Click Close to continue with the process.
7. Click Reboot to finish upgrading the First Node.

8. Click Proceed at the prompt.

   KeyControl reboots the node and returns you to the KeyControl webGUI Login page.

9. To configure the Automatic Vitals Reporting feature, log back into the webGUI after the First Node has finished rebooting. KeyControl automatically displays a pop up dialog box asking if you want to enable the feature the first time a Security Admin logs in after the node has been upgraded to version 4.2.1 or later.

   Automatic Vitals Reporting lets you automatically share information about the health of your KeyControl cluster with HyTrust Support. If you enable this service, KeyControl periodically sends an encrypted bundle containing system status and diagnostic information to a secure HyTrust server. HyTrust Support may proactively contact you if the Vitals service identifies issues with the health of your cluster.

   KeyControl Security Admins can enable or disable this service at any time by selecting Settings > Vitals in the KeyControl webGUI. For details, see Configuring Automatic Vitals Reporting.

   Tip:

   If your browser does not display the KeyControl webGUI login page correctly, clear your browser cache and navigate to the page again.

10. To verify the upgrade, return to Settings > System Upgrade and verify the settings for Current Version and Previous Version..

What to Do Next 

After you upgrade the First Node, you should not upgrade the other nodes in the cluster. Instead, install the KeyControl software on the other nodes as if you were doing a fresh install and join those nodes with the node you just upgraded. For more information, see:

• Installing KeyControl from an OVA Template followed by Adding a New KeyControl Node to an Existing Cluster (OVA Install).
• KeyControl ISO Installation followed by Adding a KeyControl Node to an Existing Cluster (ISO Install).

Important:

Starting in version 4.2, KeyControl nodes communicate using Transport Layer Security (TLS) protocol version 1.2 by default. This means that KeyControl nodes running version 4.2 or greater cannot communicate with any Policy Agents running version 3.4 or older. If you have Policy Agents running an older version of the software that you do not intend to upgrade, you need to change the KeyControl SSL configuration to use TLS version 1.0. For details, see Configuring SSL Settings.