Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

CipherTrust Manager Lifecycle and Support

Supported Upgrade Paths

search

Supported Upgrade Paths

Supported upgrade paths are presented for the latest Feature Release (FR) and Long Term Support (LTS) CipherTrust Manager software versions. Consult the release model page for details about these release types. Release Notes for individual release versions also contain supported upgrade paths to that version, alongside any special instructions or considerations.

Upgrade path support follows some general patterns, with exceptions identified for particular cases:

  • You can upgrade a standalone, unclustered appliance up to three minor versions at one time.

  • You can upgrade cluster nodes in the cluster remove/rebuild method up to three minor versions at one time.

  • You can upgrade cluster nodes in the in-place online cluster upgrade up to one minor version at one time.

  • If you are starting at a version below 2.8.x, you must upgrade to 2.8.1 before upgrading to higher versions.

  • Upgrade to the latest patch of the minor version for any starting, intermediate, or destination minor version.

copy link to clipboardUpgrade to Latest Long Term Support Version

Upgrade procedures for latest LTS Version are included in software documentation for that version.

The supported cluster upgrade methods to LTS releases are online in-place, offline in-place, and cluster remove/rebuild. These paths are valid for the CipherTrust Manager k470 and k570 physical appliances, and Virtual CipherTrust Manager k170v and k470v instances.

Note

  • Upgrade paths from 2.8.0-TCT and 2.11.2-TCT are not presented here. These releases is only found on the Thales TCT k160 small form factor appliance. Consult Release Notes for a desired target version to see if upgrade on the Thales TCT k160 appliance is supported.

copy link to clipboardUpgrade to Latest Feature Release Version

Upgrade procedures for latest FR Version are included in software documentation for that version.

The supported cluster upgrade methods to FR versions are online in-place and cluster remove/rebuild.

Note

  • This section presents upgrade paths to the latest FR version only. It is not intended to present paths to any earlier version. Consult release notes for earlier versions for upgrade paths.

  • To upgrade 2.11.6 patch with the cluster online in-place method, you must use the force flag, -o to upgrade to 2.12.2. The upgrade command is sudo /opt/keysecure/ks_upgrade.sh -f <archive_file_path> -o.

  • To upgrade 2.12.2 to 2.15.0 or 2.11.6 to 2.14.2 with a standalone device, or with the cluster rebuild/remove method, you must use the force flag, -o. The upgrade command is sudo /opt/keysecure/ks_upgrade.sh -f <archive_file_path> -o.

  • Upgrade to 2.9.2 is not recommended. If you are already on the 2.9.2 patch, you can upgrade to 2.10.3 with a standalone device or with the cluster rebuild/remove method. You can upgrade 2.9.2 to 2.12.2 with the cluster online in place method.

These paths are valid for the CipherTrust Manager k470 and k570 physical appliances, and Virtual CipherTrust Manager k170v and k470v instances.

The CipherTrust Manager k160 small form factor appliance has different supported upgrade paths than all other models, presented below.

Supported upgrade paths from 2.0 to latest FR version. Textual representation of specific upgrade paths available in release notes for a target version.

copy link to clipboardk160 Upgrade Path for Latest Supported Release

The CipherTrust Manager k160 support for FR versions is determined per release in order to offer early access to features specific to the k160 platform. Consult the release notes for an FR version to confirm whether k160 is supported.

For releases leading up to the next LTS release, only the validated upgrade paths below are supported:

k160 upgrade paths 2.11.2-tct to 2.16.x

Due to the specifics of the CipherTrust Manager k160 platform, there are a number of advisories to be mindful of when performing system upgrades:

  • Always use the cluster remove/rebuild method for performing system upgrades.

  • Due to a known issue CM-2, if performing a system reset at versions 2.11.2-tct or 2.15.x, do not re-register token HSMs until upgrades to v2.16.x or higher are complete.

  • Certain error messages may appear on the console output while the system upgrade process proceeds. These messages are normal and can be ignored. Contact Thales TCT Support if the process completes and reports something other than successful.

On this page