Supported Upgrade Paths
Supported upgrade paths are presented for the latest Feature Release (FR) and Long Term Support (LTS) CipherTrust Manager software versions. Consult the release model page for details about these release types. Release Notes for individual release versions also contain supported upgrade paths to that version, alongside any special instructions or considerations.
Upgrade path support follows some general patterns, with exceptions identified for particular cases:
You can upgrade a standalone, unclustered appliance up to three minor versions at one time.
You can upgrade cluster nodes in the cluster remove/rebuild method up to three minor versions at one time.
You can upgrade cluster nodes in the in-place online cluster upgrade up to one minor version at one time.
If you are starting at a version below 2.8.x, you must upgrade to 2.8.1 before upgrading to higher versions.
Upgrade to the latest patch of the minor version for any starting, intermediate, or destination minor version.
Upgrade to Latest Long Term Support Version
Upgrade procedures for latest LTS Version are included in software documentation for that version.
The supported cluster upgrade methods to LTS releases are online in-place, offline in-place, and cluster remove/rebuild. These paths are valid for the CipherTrust Manager k470 and k570 physical appliances, and Virtual CipherTrust Manager k170v and k470v instances.
Note
- Upgrade paths from 2.8.0-TCT and 2.11.2-TCT are not presented here. These releases is only found on the Thales TCT k160 small form factor appliance. Consult Release Notes for a desired target version to see if upgrade on the Thales TCT k160 appliance is supported.
Upgrade to Latest Feature Release Version
Upgrade procedures for latest FR Version are included in software documentation for that version.
The supported cluster upgrade methods to FR versions are online in-place and cluster remove/rebuild.
Note
This section presents upgrade paths to the latest FR version only. It is not intended to present paths to any earlier version. Consult release notes for earlier versions for upgrade paths.
To upgrade 2.11.6 patch with the cluster online in-place method, you must use the force flag,
-oto upgrade to 2.12.2. The upgrade command issudo /opt/keysecure/ks_upgrade.sh -f <archive_file_path> -o.To upgrade 2.12.2 to 2.15.0 or 2.11.6 to 2.14.2 with a standalone device, or with the cluster rebuild/remove method, you must use the force flag,
-o. The upgrade command issudo /opt/keysecure/ks_upgrade.sh -f <archive_file_path> -o.Upgrade to 2.9.2 is not recommended. If you are already on the 2.9.2 patch, you can upgrade to 2.10.3 with a standalone device or with the cluster rebuild/remove method. You can upgrade 2.9.2 to 2.12.2 with the cluster online in place method.
These paths are valid for the CipherTrust Manager k470 and k570 physical appliances, and Virtual CipherTrust Manager k170v and k470v instances.
The CipherTrust Manager k160 small form factor appliance has different supported upgrade paths than all other models, presented below.
k160 Upgrade Path for Latest Supported Release
The CipherTrust Manager k160 support for FR versions is determined per release in order to offer early access to features specific to the k160 platform. Consult the release notes for an FR version to confirm whether k160 is supported.
For releases leading up to the next LTS release, only the validated upgrade paths below are supported:
Due to the specifics of the CipherTrust Manager k160 platform, there are a number of advisories to be mindful of when performing system upgrades:
Always use the cluster remove/rebuild method for performing system upgrades.
Due to a known issue CM-2, if performing a system reset at versions 2.11.2-tct or 2.15.x, do not re-register token HSMs until upgrades to v2.16.x or higher are complete.
Certain error messages may appear on the console output while the system upgrade process proceeds. These messages are normal and can be ignored. Contact Thales TCT Support if the process completes and reports something other than successful.
