Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

CipherTrust Manager Administration

System Upgrade/Downgrade

search

Please Note:

System Upgrade/Downgrade

You can upgrade/downgrade your unclustered CipherTrust Manager by securely downloading and applying a new/older system archive file.

Note

Refer to Cluster Upgrade for details on upgrading a cluster of devices.

Restoring a backup from release 1.5.0 or later is supported; however, restoring a newer backup to an older version is never supported.

System Upgrade

Caution

Please read this section carefully before performing an system upgrade.

Caution

Upgrading from 2.5.1 to 2.5.2 disables access to all global keys. If you are starting from 2.5.1 and you make use of global keys, contact Thales customer support for assistance to plan the upgrade to minimize downtime.

System upgrades are supplied in the form of a signed archive file available from the Support Portal.

For 2.5.2, we tested upgrade from 2.2.x, 2.3.x, 2.4.x, and 2.5.x.

Note

Upgrades from other versions have not been tested and may not work correctly.

  1. Download the archive file to CipherTrust Manager:

    $ scp -i <ssh private key path> <update file name> ksadmin@<ip>:.

    Note

    The signature of the archive file is verified before the upgrade/downgrade is performed.

  2. Before proceeding, ensure there is at least 12 GB of space available (not including the upgrade file).

  3. Create and download a backup with corresponding backup key, in case there are any problems.

    Note

    Upgrades keep all the data and may migrate the data and configuration. Therefore, as a precaution, it is recommended to take a backup before upgrading.

  4. scp the archive file to the CipherTrust Manager:

    $ scp -i <identity_file> <update file name> ksadmin@<ip>:.

  5. ssh into the CipherTrust Manager as ksadmin and run the following command:

    $ sudo /opt/keysecure/ks_upgrade.sh -f <~/filename>

    Here, <~/filename> specifies path to the signed CipherTrust Manager installer file.

    The signature of the archive file is verified and the upgrade is applied.

System Downgrade

CipherTrust Manager 2.5.2 can be downgraded to 2.4.0. For release-specific upgrade/downgrade information, refer to the release notes for your release.

To downgrade your CipherTrust Manager

Note

Downgrades perform a CipherTrust Manager reset, which wipes all data except the backup files that already exist.

  1. SSH into the CipherTrust Manager as "ksadmin".

  2. Downgrade the CipherTrust Manager:

    $ sudo /opt/keysecure/ks_downgrade.sh -f <~/filename> -y

Usage: ks_downgrade.sh -f <FILE> [-o] [-y]

*  `-f`: Path to the signed ${cm} installer file.

*  `-o`: Clustered node cannot be downgraded. Use this flag to override this behavior.

*  `-y`: Skip the confirmation prompt for ${cm} reset.

On this page