Black Box ET0010A User Manual
Installing Software Updates
EncrypTight User Guide
73
Installing Software Updates
Software updates for EncrypTight are available separately from the PEP software. You might need to
update all of the components in your system, or only specific components. This procedure assumes that
you are updating all of the components of EncrypTight. If you are upgrading from software versions that
are several years old, contact customer support for assistance with your upgrade path.
To upgrade EncrypTight to a new release, take the following steps:
update all of the components in your system, or only specific components. This procedure assumes that
you are updating all of the components of EncrypTight. If you are upgrading from software versions that
are several years old, contact customer support for assistance with your upgrade path.
To upgrade EncrypTight to a new release, take the following steps:
●
●
●
●
●
●
●
Step 1: Schedule the Upgrade
Proper scheduling of your upgrade is imperative to minimize traffic disruptions. ETKMSs communicate
with PEPs to deploy policies, and to renew keys and refresh policy lifetimes. The upgrade process for the
ETKMSs and the EncrypTight software can interrupt this communication, and the upgrade for a PEP
interrupts data traffic when the PEP reboots.
with PEPs to deploy policies, and to renew keys and refresh policy lifetimes. The upgrade process for the
ETKMSs and the EncrypTight software can interrupt this communication, and the upgrade for a PEP
interrupts data traffic when the PEP reboots.
Review the following guidelines prior to scheduling an upgrade:
●
Schedule the upgrade during a planned and approved maintenance window
●
Do not deploy policies during the upgrade process
●
Do not perform upgrades when keys are scheduled to be renewed.
To prevent key renewal during the upgrade process, check the Renew Keys/Refresh Lifetime setting on
each policy defined in ETPM. There are two types of settings: daily at a specific time and periodically at
an interval between 0 to 65535 hours.
each policy defined in ETPM. There are two types of settings: daily at a specific time and periodically at
an interval between 0 to 65535 hours.
●
For policies that renew and refresh at a specific time of day, find a period when there is enough time
to complete the upgrade before the scheduled key renewal.
to complete the upgrade before the scheduled key renewal.
●
For policies that renew periodically, temporarily change these policies to provide enough time to
complete the upgrade. Consider using zero lifetime policies, which don’t rekey, until the upgrade
process is complete.
complete the upgrade. Consider using zero lifetime policies, which don’t rekey, until the upgrade
process is complete.
The upgrade process should take about 30 minutes for each external ETKMS, 15 minutes for the
EncrypTight software, and 5-15 minutes for each PEP. You can upgrade multiple PEPs at the same time,
which can shorten the total length of time it takes to perform the full upgrade process.
EncrypTight software, and 5-15 minutes for each PEP. You can upgrade multiple PEPs at the same time,
which can shorten the total length of time it takes to perform the full upgrade process.
Once you start, the ETKMSs and the EncrypTight software must be upgraded in sequence. After these
upgrades are complete, you need to deploy your policies in order to trigger the ETKMSs to generate a
new policy database. You should take this step before you upgrade the PEPs. Because this will interrupt
traffic on the PEPs briefly, you should consider the timing of this step as you plan your upgrade.
upgrades are complete, you need to deploy your policies in order to trigger the ETKMSs to generate a
new policy database. You should take this step before you upgrade the PEPs. Because this will interrupt
traffic on the PEPs briefly, you should consider the timing of this step as you plan your upgrade.
After these upgrades are complete, you can upgrade the PEPs.