Upgrading KeyControl Compliance Manager from 10.4.1.1 to 10.4.3

Important: You must upgrade your KeyControl vaults before upgrading KeyControl Compliance Manager.

Before You Begin 

  • Make sure that the KeyControl Compliance Manager nodes can communicate with one another on port TCP/8443 and TCP/5432.

  • We recommend that you back up your KeyControl Compliance Manager cluster before you upgrade it. For details, see Backing Up Using the KeyControl Compliance Manager webGUI.

  • Please download your Admin Key and store it in a safe place before you upgrade. KeyControl Compliance Manager prompts for an admin key to recover your KeyControl Compliance Manager system. You must provide this admin key to proceed. For details, see Downloading your Admin Key.

  • We recommend that you enable the support login on all cluster nodes before you start the upgrade. For details, see Enabling or Disabling the Support Login.

  • Make sure your internet connection to the KeyControl Compliance Manager node is as fast and as stable as possible. To begin the upgrade, you need to upload the upgrade ISO image to the KeyControl Compliance Manager node in one continuous session. If the upload times out or if connectivity to the node is lost during the upload, you will see error messages in KeyControl Compliance Manager and you must re-upload the file from scratch. KeyControl Compliance Manager cannot resume the upload from where it left off during a previous session.

Note: If the KeyControl Compliance Manager upgrade fails, try rebooting each node, one at a time. Ensure that you can login to the rebooted node’s webGUI, then retry the upgrade once more. If it fails again, then please contact hytrust.support@entrust.com.

Procedure 

  1. Log into the KeyControl Compliance Manager webGUI on your master node with your standard account credentials.

  2. Click on Switch to Appliance Management.

  3. In the top menu bar, click Cluster.

  4. On the Cluster page, click Servers.

  5. Ensure that you are logged in to the master node. The master node will have a star beside the name.

  6. Select all of the other nodes in the cluster using the multi-select checkbox.

  7. Select Actions > Remove.

    The other nodes are removed from the cluster, leaving this as a one-node cluster.

  8. Log into the KeyControl Compliance Manager System Console as the htadmin user and remove the pre-upgrade snapshots (option 7, option 1, select Yes to confirm).

  9. Shut down your KeyControl Compliance Manager VM and delete all VM snapshots.

    All snapshots must be deleted before you can update your memory or storage.

  10. In the vSphere Client or Management vCenter, right-click on your CloudControl VM and select Edit Settings.

  11. Increase the Hard disk size to at least 250 GB.

  12. Start up the KeyControl Compliance Manager VM and take a snapshot with the increased size.

  13. Log back in to your single-node KeyControl Compliance Manager webGUI, then click Switch to Appliance Manager.

  14. In the top menu bar, click Settings.

  15. In the System Settings section, click System Upgrade.

  16. Ensure that there is at least 25GB available disk space under the Current Information section on the System Upgrade page.

  17. Click Browse, navigate to the Entrust ISO upgrade file, and click Open.

    Important: KeyControl Compliance Manager has separate ISO files for installation and upgrade. Please ensure that you use the ISO upgrade file.

  18. Click Upload File. If the Upload File button is not active, make sure that you have selected an ISO file and that the one-node cluster is healthy.

    After KeyControl Compliance Manager uploads and validates the ISO file, KeyControl Compliance Manager begins the automatic upgrade process.

    KeyControl Compliance Manager displays a status message stating that the upgrade is in process along with a Cancel Upgrade button in case you want to stop the process.

  19. Click Finish Upgrade.

    KeyControl Compliance Manager displays a message stating that the cluster will be put into maintenance mode during this procedure and that all nodes will be rebooted. While in maintenance mode, no KeyControl Compliance Manager changes can be made.

  20. Click Proceed.

    KeyControl Compliance Manager displays a status message stating that the cluster nodes are being rebooted.

    Note: After the upgrade, even if the KeyControl Appliance Management webGUI shows that the upgrade is completed, it may still take up to 30 minutes to restore all functionality.

  21. Install a new KeyControl Compliance Manager OVA. For more information, see Installing KeyControl Compliance Manager from an OVA.

  22. Follow the instructions above to increase the disk size of the new node to 250 GB.

  23. Join the newly installed KeyControl Compliance Manager node to the upgraded node to create a two-node cluster.

    KeyControl Compliance Manager Version 10.4.3 supports two-node clusters. Three-node clusters are no longer required.