Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Tasks

Migrating from CT-VL Lower Versions to 2.9.0

search

Please Note:

printsuggest an edit

Migrating from CT-VL Lower Versions to 2.9.0

This page describes the steps to migrate from CT-VL lower versions (2.6.0 to 2.8.3) to 2.9.0.

Following are the steps to migrate:

copy link to clipboardStep 1: Upgrading to CT-VL 2.8.x

Note

If you have multiple nodes in a cluster, you can upgrade all nodes at the same time.

  1. Obtain the upgrade ZIP file from your Thales sales or support representative, and place the file on a server that is accessible from CT-VL over either HTTP or FTP.

  2. Although the upgrade ZIP file is encrypted and digitally signed, the HTTP server can use SSL (HTTPS) and basic authentication. The HTTPS server can also use a self-signed certificate.

  3. Log in as cliadmin to the CT-VL virtual machine that you want to upgrade. In the following example command, substitute your own CT-VL hostname.

    $ ssh -l cliadmin <Tokenization Server hostname>
cliadmin@<Tokenization_Server_IP_address> password: <Enter the cliadmin
password>
[...]
CipherTrust Tokenization Server Main Menu
main> ?
Command                     Description
=======                     ===========
auth                        Authentication Setup
cluster                     Cluster Setup
icapi                       ProtectApp Setup
network                     Network Setup
system                      System Setup
vae                         VAE Configuration
vts                         Tokenization Setup
quit|q|up|<ctrl-d>          Quit or return to previous menu
exit                        Exit application

Enter <command> to display usage
main>

  4. At the main menu, enter:

    main> vts upgrade --url <upgrade_zip_url>

    Another option is to navigate to the vts submenu and enter the upgrade command directly:

    main> vts
vts> upgrade --url <upgrade_zip_url>

    Examples:

    upgrade https://example.com/ctvl-upgrade-<version>.zip
upgrade https://username:password@example.com/ctvl-upgrade-<version>.zip
upgrade ftp://example.com/ctvl-upgrade-<version>.zip

    Watch the output of the upgrade command while the upgrade is underway. After several progress messages, you should see a success message like the following: 

    Upgrade complete.

    Depending on the type of upgrade, the system will be rebooted at the end for changes to take effect. You are prompted at the beginning of the upgrade for confirmation.

    There are other options to perform an upgrade. Run upgrade --help for details.

Note

  • All nodes in the cluster must be upgraded to the same CT-VL version. A CT-VL cluster must not operate nodes using different CT-VL versions.

  • When upgrading nodes in a cluster, all CT-VL operations must be suspended. If this is not possible, you must perform a rolling upgrade. The nodes to be upgraded must be taken offline,for example, taken out of the load balancer before an upgrade is performed.
    When the load balancer is ready to use the upgraded nodes, all other nodes not yet upgraded must be taken offline.
    At any one time, the load balancer must not serve nodes running different CT-VL versions.

  • While a node upgrade is in progress, it must not be interrupted. If it is interrupted or does not complete successfully, you must discard the node by removing it from the cluster.
    Create a new VM, upgrade it to the desired version, and rejoin it to the cluster. When joining the node to the cluster, it must have the same version as all other nodes in the cluster.

  • All nodes in the cluster must be upgraded, and must complete the upgrade before resuming operations.

  • Only newly-created instances from CT-VL 2.6.0 and above can use the SSH key pair in AWS.

copy link to clipboardStep 2: Migrating from CT-VL 2.8.x to 2.9.0

Upgrade to CT-VL 2.9.0 is not supported. To migrate to CT-VL 2.9.0, create a new CT-VL instance and perform the backup and restore operations.

  1. Create backup on CT-VL 2.8.x.

  2. Create a new CT-VL instance.

    Note

    Use the same CipherTrust Manager for performing the backup and restore operations.

  3. Restore backup on CT-VL 2.9.0.

Refer to Backing Up and Restoring CT-VL for instructions on this backup step and on the subsequent restore step.

On this page