Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
back

Tasks

Upgrading CT-VL

search

Please Note:

printsuggest an edit

Upgrading CT-VL

You can upgrade with the standard upgrade ZIP file only if you are upgrading from CT-VL v2.3 or higher. If you are upgrading from any CT-VL version earlier than v2.3, refer to the release notes for specific details based on the current version you are upgrading from.

If you are upgrading from CT-VL version 2.2.x or earlier, you must perform a backup and restore procedure as part of your upgrade. The backup includes users and groups, permissions, and settings. You can perform this backup either through the CT-VL GUI or REST APIs.

Refer to Backing Up and Restoring CT-VL for instructions on this backup step, and on the subsequent restore step.

copy link to clipboardNotes for Upgrading a Cluster

  • All nodes in the cluster must be upgraded to the same CT-VL version. A CT-VL cluster must not operate nodes using different CT-VL versions.

  • When upgrading nodes in a cluster, all CT-VL operations must be suspended. If this is not possible, you must perform a rolling upgrade. The nodes to be upgraded must be taken offline,for example, taken out of the load balancer before an upgrade is performed.
    When the load balancer is ready to use the upgraded nodes, all other nodes not yet upgraded must be taken offline.
    At any one time, the load balancer must not serve nodes running different CT-VL versions.

  • While a node upgrade is in progress, it must not be interrupted. If it is interrupted or does not complete successfully, you must discard the node by removing it from the cluster.
    Create a new VM, upgrade it to the desired version, and rejoin it to the cluster. When joining the node to the cluster, it must have the same version as all other nodes in the cluster.

  • All nodes in the cluster must be upgraded, and must complete the upgrade before resuming operations.

copy link to clipboardUpgrades to AWS Instances Cannot Use SSH Key Pairs

Upgrading an EC2 instance from CT-VL v2.5 or earlier retains the use of passwords for the cliadmin instead of SSH key pairs. Only newly-created instances from CT-VL v2.6 and above can use the SSH key pair in AWS.

copy link to clipboardUpgrade Steps

If you have multiple nodes in a cluster, you can upgrade all nodes at the same time.

  1. Obtain the upgrade ZIP file from your Thales sales or support representative, and place the file on a server that is accessible from CT-VL over either HTTP or FTP.

  2. Although the upgrade ZIP file is encrypted and digitally signed, the HTTP server can use SSL (HTTPS) and basic authentication. The HTTPS server can also use a self-signed certificate.

  3. Log in as cliadmin to the CT-VL virtual machine that you want to upgrade. In the following example command, substitute your own CT-VL hostname.

    $ ssh -l cliadmin <Tokenization Server hostname>
cliadmin@<Tokenization_Server_IP_address> password: <Enter the cliadmin
password>
[...]
CipherTrust Tokenization Server Main Menu
main> ?
Command                     Description
=======                     ===========
auth                        Authentication Setup
cluster                     Cluster Setup
icapi                       ProtectApp Setup
network                     Network Setup
system                      System Setup
vae                         VAE Configuration
vts                         Tokenization Setup
quit|q|up|<ctrl-d>          Quit or return to previous menu
exit                        Exit application

Enter <command> to display usage
main>

  4. At the main menu, enter:

    main> vts upgrade --url <upgrade_zip_url>

    Another option is to navigate to the vts submenu and enter the upgrade command directly:

    main> vts
vts> upgrade --url <upgrade_zip_url>

    Examples:

    upgrade https://example.com/ctvl-upgrade-<version>.zip
upgrade https://username:password@example.com/ctvl-upgrade-<version>.zip
upgrade ftp://example.com/ctvl-upgrade-<version>.zip

Watch the output of the upgrade command while the upgrade is underway. After several progress messages, you should see a success message like the following: 

Upgrade complete.

Depending on the type of upgrade, the system will be rebooted at the end for changes to take effect. You are prompted at the beginning of the upgrade for confirmation.

There are other options to perform an upgrade. Run upgrade --help for details.

On this page