KeyControl Clustering and Upgrade

Introduction

This chapter covers adding new nodes to the KeyControl cluster and upgrading nodes in the cluster.

Installing additional KeyControl appliances

The process for installing an additional KeyControl appliance is similar to installing the first KeyControl appliance but has an additional authentication step. Once installation has completed and the system has rebooted, you will be prompted to select the system type as follows:

[Screenshot: Install New Kps Nodes]

Select option 2 and confirm your selection:

[Screenshot: Install New Kps Node Confirm]

Next, you set up the console menu password and set up networking following the procedures you used in setting up the first KeyControl server.

Joining a KeyControl Cluster

At this point, the new KeyControl appliance needs to be authenticated with the KeyControl cluster. The following screen appears informing you of the need for authentication. You will need the IP address of another KeyControl appliance in the cluster.

[Screenshot: Install Authenticate1]

The first thing to enter is a description ("hint") for this appliance. This allows you to specify information about the new KeyControl appliance being installed. For example, it could be location information such as "This is the KeyControl in the Miami data center." When you go to the webGUI to authenticate this appliance, this description is displayed.

[Screenshot: Install Authenticate2]

The next piece of information to enter is the IP address of any KeyControl appliance in the existing cluster:

[Screenshot: Install Authenticate3]

The final piece of information required is the passphrase itself. We require a minimum of 16 characters. Any characters entered beyond the first 16 are ignored (entering more can help you build a phrase that is easier to remember). If you realize that you have typed the passphrase incorrectly, you can press CTRL+C and select the Re-authenticate This System option in the console menu.

[Screenshot: Install Authenticate4]

The appliance must now be authenticated through the webGUI, as the following message indicates:

[Screenshot: Install Authenticate Wait]

At this point you need to log on to the webGUI with Domain Administration privileges. The new KeyControl appliance will automatically appear as an unauthenticated appliance in the KeyControl cluster, as shown below:

[Screenshot: Domain Kps Waiting Auth]

To authenticate this new appliance, click the padlock icon. This will take you to the authentication screen shown below. The hint typed during installation is shown and you are prompted to enter the Authentication Passphrase.

[Screenshot: Domain Kps Type Passphrase]

Once authentication completes, the KeyControl appliance is listed as Authenticated but Unreachable until cluster synchronization completes and the cluster is ready for use. This should not take more than a minute or two.

[Screenshot: Domain Kps Auth Wait Install]

Once the KeyControl appliance is available, the status will automatically move to Online and the cluster status at the top right of the screen will change back to Healthy.

At this point, the new cluster/appliance is ready to use.

[Screenshot: Install Authenticate5]

Upgrading KeyControl appliances

All KeyControl appliances must operate at the same software version. Prior to upgrade, we recommend that you back up the KeyControl cluster. Please refer to the KeyControl Backup and Restore chapter for further information.

We only support upgrade of a single KeyControl appliance at this time. Also, you can only upgrade between successive versions. For example, upgrade from 2.5 or 2.5.1 to 2.6 is valid but 2.4 to 2.6 will be rejected. However, you can upgrade from 2.4 to 2.5.x, and from that version to 2.6.

Note on upgrading for AWS users: HyTrust is building in functionality for future upgrades to the AWS installation. This section describes upgrading using an ISO image. That form of upgrade is not available for AWS installations. Future versions of HyTrust KeyControl will support all upgrades through the webGUI, including AWS.

Follow the steps listed below, in order, to upgrade your KeyControl cluster and DataControl agents:

  • Back up the KeyControl cluster. You can take a backup image from any node.
  • Reduce the cluster to a single node. Removing cluster nodes is described below. Shut down all nodes removed.
  • Shut down the remaining KeyControl node.
  • Upgrade the remaining KeyControl node.
  • Install (from scratch) each additional appliance in the cluster. Adding the KeyControl appliances to the cluster will result in all objects being propagated to the newly joined appliances. Installing new KeyControl appliances in the cluster should only take a minute or two.
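The version rule and the preconditions above can be checked before anyone boots the ISO. The following is an added example, not HyTrust code: the release-series list is an assumption built only from the versions named in this chapter, and the node-to-version mapping is a hypothetical input that you fill in by hand from the webGUI.

```python
# Added example, not vendor code. The series order below is an assumption
# built only from the versions this chapter names; extend it for your site.
RELEASE_SERIES = ["2.4", "2.5", "2.6"]


def series_index(version):
    """Map a version such as '2.5.1' to its position in RELEASE_SERIES."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    name = ".".join(parts[:2])
    if name not in RELEASE_SERIES:
        raise ValueError(f"unknown release series: {name}")
    return RELEASE_SERIES.index(name)


def upgrade_hops(current, target):
    """Return the series to install, in order, one successive hop at a time."""
    start, end = series_index(current), series_index(target)
    if end <= start:
        raise ValueError(f"{target} is not a later series than {current}")
    return RELEASE_SERIES[start + 1:end + 1]


def preflight(node_versions, backup_taken, target):
    """Return blocking issues; node_versions maps node name -> version
    as read by hand from the webGUI (hypothetical input format)."""
    issues = []
    if not backup_taken:
        issues.append("back up the KeyControl cluster before upgrading")
    if len(set(node_versions.values())) > 1:
        issues.append("nodes are not all at the same software version")
    if len(node_versions) > 1:
        issues.append("reduce the cluster to a single node first")
    for node, version in sorted(node_versions.items()):
        hops = upgrade_hops(version, target)
        if len(hops) > 1:
            issues.append(f"{node}: {version} -> {target} would be rejected; "
                          f"upgrade through {' -> '.join(hops)}")
    return issues


if __name__ == "__main__":
    # Constructed sample: a two-node 2.4 cluster, no backup, aiming at 2.6.
    for issue in preflight({"kc-a": "2.4", "kc-b": "2.4"}, False, "2.6"):
        print("BLOCKED:", issue)
```

An empty list from `preflight` means none of the conditions described in this chapter blocks the upgrade.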

To remove a KeyControl appliance from the cluster, select the DOMAINS tab, select the KeyControl Domain and choose one of the KeyControl appliances to remove as the following figure shows:

[Screenshot: KeyControl Remove Node]

NOTE - if you are using the DataControl agent, you need to make sure that you manage the KeyControl list on each agent. If you are upgrading an N-Node cluster and will return to the same N-Node cluster after upgrade, there is nothing that you need to do. However, if you are changing IP addresses or changing the number of KeyControl appliances, please update the KeyControl list accordingly. Please refer to the Managing the KeyControl list of the DataControl agent chapter for further information.

Upgrading a Single KeyControl Appliance

Upgrading a KeyControl appliance is a very simple process. The CD/DVD containing the ISO image must be inserted into the drive (or attached to the VM) and the system should be bootstrapped. Once the system comes up, you will see the following menu:

[Screenshot: Install Overwrite]

Select option 1 and press Enter. The installer will check to make sure that the system can be upgraded and then perform the upgrade, which should not take more than a minute or so. Prior to actually performing the upgrade you will see a screen similar to the following:

[Screenshot: Install Upgrade Confirm]

Note - you should back up your KeyControl appliances and remove all nodes from the cluster through the GUI with the exception of the node being upgraded. If another node still exists in the cluster you will see the following screen:

[Screenshot: Install Upgrade KeyControl Found]

If another KeyControl node exists and you wish to continue with the upgrade, you will be prompted to confirm. Note, however, that we do not recommend this. You should always back up the cluster, reduce the cluster to a single KeyControl node and add back newly installed nodes to build up the cluster once again.

If you do have a single node in the cluster and you select OK to upgrade, the upgrade process will start. Once the upgrade has completed, you will see the following screen:

[Screenshot: Install Upgrade Succeeds]

At this point, press Enter to reboot. For this KeyControl appliance, log back into the webGUI and check the upper right-hand corner of the screen. You should now see the new version number.

[Screenshot: Install Version After Upgrade]

You can now repeat the process for any additional nodes you wish to add to the cluster.
