Upgrading CTE on AIX
This chapter describes how to upgrade an existing VTE for AIX host to CipherTrust Transparent Encryption (CTE) for AIX.
Scheduling a CTE Agent Upgrade
You can schedule an upgrade of the CTE Agent to occur the next time the server on which a CTE Agent is installed reboots normally. Scheduling an upgrade can minimize CTE service interruptions and reduce coordination issues in organizations where the security roles are separated.
Note
Scheduled upgrade on reboot is available in VTE for AIX version 5.3.0 GA and onwards. You cannot schedule an upgrade from an earlier version of VTE to version 5.3.0 GA or to CTE version
Before You Begin
Keep in mind the following prerequisites for using scheduled upgrade, usage notes, and how scheduled upgrade behaves when errors occur:
- If a crash/power failure occurs before a user-initiated reboot, the scheduled upgrade runs when the system comes up after the crash/power failure.
- CipherTrust Manager connectivity is required during the scheduled upgrade process.
- All databases must be configured to automatically stop before CTE services stop during reboot/shutdown.
- Stopping and restarting the CTE Agent does not trigger a scheduled upgrade.
- The installation binary used to run the scheduled upgrade is stored in /var/tmp until the scheduled upgrade runs. Ensure that no scheduled maintenance jobs periodically delete files in /var/tmp. All temporary files used by scheduled upgrade are removed following a successful scheduled upgrade.
Using the Scheduled Upgrade Feature
Note
If a scheduled upgrade has been enabled but has not run because the system wasn’t rebooted, you can override the existing scheduled upgrade with a newer CTE version by using the procedure described here with the newer installation binary.
- Verify that the version of CTE you currently have installed is eligible for scheduled upgrade:
  vmd -v
  The version listed must be version 5.3.0 or later.
- Log in as root, change to the directory containing the installation binary, and run the binary with the -u scheduled upgrade option. For example:
  ./vee-fs-7.2.0-56-aix71.bin -u
  The following upgrade confirmation is displayed:
  upgrade on reboot configured
Note
If syslog is properly configured, the corresponding messages are written to syslog.
- When you are ready, reboot the server.
  shutdown -Fr
  When the system restarts, the scheduled upgrade runs without any intervention needed.
- After the system is up and running, log in and run vmd -v to verify that the new version has been installed.
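The prerequisites under "Before You Begin" and the version check in the first step can be run as a pre-flight script before invoking the installer with -u. This is an added example, not part of the vendor documentation or the CTE product; the function names, the assumption that vmd -v prints a dotted N.N.N version, and the sample crontab lines are constructed for illustration.

```shell
# Added example: pre-flight checks for a scheduled CTE upgrade (not vendor code).
# Pull the first N.N.N token out of version text. The exact layout of
# `vmd -v` output is an assumption; adjust the pattern to what your host prints.
extract_version() {
    printf '%s\n' "$1" |
        awk 'match($0, /[0-9]+\.[0-9]+\.[0-9]+/) { print substr($0, RSTART, RLENGTH); exit }'
}

# Succeed when dotted version $1 >= $2, comparing field by field as numbers.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Read crontab text on stdin; print active entries that delete under /var/tmp.
tmp_cleaners() {
    grep -v '^[[:space:]]*#' | grep '/var/tmp' |
        grep -E '(^|[^[:alnum:]_])(rm|-delete)([^[:alnum:]_]|$)'
}

# preflight VERSION_TEXT CRONTAB_TEXT: print findings, return 0 only if clean.
preflight() {
    rc=0
    ver=$(extract_version "$1")
    if [ -z "$ver" ] || ! version_ge "$ver" 5.3.0; then
        echo "FAIL: installed version '${ver:-unknown}' is older than 5.3.0"
        rc=1
    fi
    hits=$(printf '%s\n' "$2" | tmp_cleaners) || true
    if [ -n "$hits" ]; then
        echo "FAIL: cron entries may delete the staged installer in /var/tmp:"
        printf '  %s\n' "$hits"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: host is eligible for scheduled upgrade"
    return "$rc"
}

# Constructed sample input (not captured from a real host).
SAMPLE_CRON='0 2 * * * /usr/bin/find /var/tmp -mtime +7 -exec rm {} \;
# 0 3 * * * rm -rf /var/tmp/old'
preflight 'Version 7.2.0.56' "$SAMPLE_CRON" || true
```

On a live host, pass "$(vmd -v)" and "$(crontab -l)" as the two arguments, and repeat the crontab check for any other account that runs cleanup jobs.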
Performing an Upgrade Manually When an Upgrade is Already Scheduled
If you want to upgrade without waiting for the system to reboot, follow these steps to perform an upgrade manually when a scheduled upgrade is already enabled:
- Log in as root, change to the directory containing the installation binary, and run the binary without the -u scheduled upgrade option. For example:
  ./vee-fs-7.2.0-56-aix71.bin
  The following upgrade confirmation is displayed:
  upgrade on reboot pending do you wish to continue [y/n]: y
- Enter “Y” to cancel the scheduled upgrade and proceed with an immediate installation. If you enter “N”, the scheduled upgrade remains enabled and occurs on the next reboot.
  If you enter “Y”, the binary runs and displays the license agreement.
- When prompted, enter “Y” to accept the license agreement or “N” to exit.
  After accepting the license agreement, the normal upgrade proceeds, the scheduled upgrade is canceled, and temporary files used by the scheduled upgrade are removed.