Migrating from CT-VL Lower Versions to 2.9.0
This page describes the steps to migrate from CT-VL lower versions (2.6.0 to 2.8.3) to 2.9.0.
Following are the steps to migrate:
Step 1: Upgrading to CT-VL 2.8.x
Note
If you have multiple nodes in a cluster, you can upgrade all nodes at the same time.
Obtain the upgrade ZIP file from your Thales sales or support representative, and place the file on a server that is accessible from CT-VL over either HTTP or FTP.
Although the upgrade ZIP file is encrypted and digitally signed, the HTTP server can use SSL (HTTPS) and basic authentication. The HTTPS server can also use a self-signed certificate.
Log in as cliadmin to the CT-VL virtual machine that you want to upgrade. In the following example command, substitute your own CT-VL hostname.
$ ssh -l cliadmin <Tokenization Server hostname>
cliadmin@<Tokenization_Server_IP_address> password: <Enter the cliadmin password>
[...]
CipherTrust Tokenization Server Main Menu
main> ?
Command              Description
=======              ===========
auth                 Authentication Setup
cluster              Cluster Setup
icapi                ProtectApp Setup
network              Network Setup
system               System Setup
vae                  VAE Configuration
vts                  Tokenization Setup
quit|q|up|<ctrl-d>   Quit or return to previous menu
exit                 Exit application
Enter <command> to display usage
main>
At the main menu, enter:
main> vts upgrade --url <upgrade_zip_url>
Another option is to navigate to the vts submenu and enter the upgrade command directly:
main> vts
vts> upgrade --url <upgrade_zip_url>
Examples:
upgrade https://example.com/ctvl-upgrade-<version>.zip
upgrade https://username:password@example.com/ctvl-upgrade-<version>.zip
upgrade ftp://example.com/ctvl-upgrade-<version>.zip
Watch the output of the upgrade command while the upgrade is underway. After several progress messages, you should see a success message like the following:
Upgrade complete.
Depending on the type of upgrade, the system will be rebooted at the end for changes to take effect. You are prompted at the beginning of the upgrade for confirmation.
There are other options to perform an upgrade. Run upgrade --help for details.
Note
All nodes in the cluster must be upgraded to the same CT-VL version. A CT-VL cluster must not operate nodes using different CT-VL versions.
When upgrading nodes in a cluster, all CT-VL operations must be suspended. If this is not possible, you must perform a rolling upgrade. The nodes to be upgraded must be taken offline, for example, taken out of the load balancer, before an upgrade is performed.
When the load balancer is ready to use the upgraded nodes, all other nodes not yet upgraded must be taken offline.
At any one time, the load balancer must not serve nodes running different CT-VL versions.
While a node upgrade is in progress, it must not be interrupted. If it is interrupted or does not complete successfully, you must discard the node by removing it from the cluster. Create a new VM, upgrade it to the desired version, and rejoin it to the cluster. When joining the node to the cluster, it must have the same version as all other nodes in the cluster.
All nodes in the cluster must be upgraded, and must complete the upgrade before resuming operations.
Only newly-created instances from CT-VL 2.6.0 and above can use the SSH key pair in AWS.
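The rolling-upgrade rule in the note above (the load balancer never serves nodes on different CT-VL versions) can be rehearsed as a simulation before a maintenance window. This is an added example, not Thales code: the node names, the Node fields and the two-batch order are assumptions, and it calls no CT-VL or load balancer API.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Node:
    name: str
    version: str   # CT-VL version running on the node
    in_pool: bool  # True while the load balancer routes traffic to it

def served_versions(nodes):
    """Versions the load balancer is serving right now."""
    return {n.version for n in nodes if n.in_pool}

def check(nodes, step):
    """Enforce the rule: the pool never serves mixed CT-VL versions."""
    served = served_versions(nodes)
    if len(served) > 1:
        raise RuntimeError(f"{step}: pool serves mixed versions {sorted(served)}")
    return nodes

def update(nodes, names, **changes):
    """Return a new node list with `changes` applied to the named nodes."""
    return [replace(n, **changes) if n.name in names else n for n in nodes]

def rolling_upgrade(nodes, first_batch, target):
    """Simulate a two-batch rolling upgrade; return (log, final_nodes)."""
    check(nodes, "initial state")
    first = set(first_batch)
    rest = {n.name for n in nodes} - first
    steps = [
        ("take first batch out of the pool", first, {"in_pool": False}),
        ("upgrade first batch offline", first, {"version": target}),
        # Old nodes leave before upgraded ones return, so versions never mix.
        ("take remaining nodes out of the pool", rest, {"in_pool": False}),
        ("return first batch to the pool", first, {"in_pool": True}),
        ("upgrade remaining nodes offline", rest, {"version": target}),
        ("return remaining nodes to the pool", rest, {"in_pool": True}),
    ]
    log = []
    for label, names, changes in steps:
        nodes = check(update(nodes, names, **changes), label)
        log.append((label, sorted(served_versions(nodes))))
    return log, nodes

# Constructed inventory: three nodes on 2.6.0, upgraded to 2.8.3.
CLUSTER = [Node("ctvl-a", "2.6.0", True),
           Node("ctvl-b", "2.6.0", True),
           Node("ctvl-c", "2.6.0", True)]
```

The log shows one step where the pool is empty: that gap is the cost of never serving two versions at once and should be planned for.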
Step 2: Migrating from CT-VL 2.8.x to 2.9.0
Upgrade to CT-VL 2.9.0 is not supported. To migrate to CT-VL 2.9.0, create a new CT-VL instance and perform the backup and restore operations.
Create a backup on CT-VL 2.8.x.
Create a new CT-VL instance.
Note
Use the same CipherTrust Manager for performing the backup and restore operations.
Restore the backup on CT-VL 2.9.0.
Refer to Backing Up and Restoring CT-VL for instructions on this backup step and on the subsequent restore step.