| Important: | The following sections describe the standard upgrade procedure for full version upgrades. However, you should always look at the HyTrust DataControl README for the version to which you want to upgrade to make sure there are no changes to the standard procedure. |
Upgrade Requirements
You can only upgrade individual KeyControl nodes. Nodes in a cluster cannot be upgraded.
The standard procedure is to upgrade one node then re-install the KeyControl software on the other nodes as if you were doing a fresh install. After you re-install the software, you can recreate the cluster by re-joining the nodes.
You can only upgrade between successive versions. Supported upgrade paths are:
|
Initial Release |
Available Upgrade Paths |
|---|---|
|
2.6 |
2.7.1 |
|
2.7 |
2.7.1 |
|
2.7.x |
3.0 3.0.1 |
|
3.0 |
3.0.1 |
|
3.0.x |
3.1 3.1.1 3.1.2 |
|
3.1 |
3.1.1 |
|
3.1.x |
3.1.2 3.2 3.2.1 |
|
3.2 |
3.2.1 |
|
3.2.x |
3.3 |
|
3.3 |
3.4 |
|
3.4 |
4.0 |
For example, If you want to upgrade from version 3.2 to version 4.0, you must use the upgrade path 3.2 > 3.2.1 > 3.3 > 3.4 > 4.0. You cannot go directly from 3.2 > 4.0.
| Note: | You cannot upgrade Microsoft Azure KeyControl nodes from version 3.4 to 4.0. Instead, you must install 4.0 and re-configure your KeyControl system. |
Upgrade Procedure Overview
| Step | Description | Notes |
|---|---|---|
|
1 |
Back up the KeyControl cluster. | See Backing Up the KeyControl Cluster. |
|
2 |
Log into the KeyControl webGUI on one of the nodes in the cluster and remove the other nodes from the cluster until you have a single KeyControl node. The remaining node will be called the "First Node" in the following upgrade procedures. |
|
|
3 |
Upgrade the First Node. |
If you are upgrading on Amazon Web Services (AWS), or if you want to use the KeyControl webGUI to do the upgrade, see Upgrading the First KeyControl Node Using the webGUI. If you want to upgrade from an ISO image, see Upgrading the First KeyControl Node Using an ISO Image. |
|
4 |
Install the new version of KeyControl on each node you removed and re-join it with the First Node. You do not need to upgrade the node. Just do a fresh install of the new KeyControl software. Your previous settings will be restored when you re-join the node with the upgraded First Node. |
You can install the software using an OVA template or an ISO file. See KeyControl OVA Installation or KeyControl ISO Installation. After you install the software, re-join the node to the cluster using either Adding a New KeyControl Node to an Existing Cluster (OVA Install) or Adding a KeyControl Node to an Existing Cluster (ISO Install). |
|
5 |
Upgrade the HyTrust DataControl Policy Agent installed on your encrypted servers. |