Black Box ET1000A, ET0010A, EncrypTight, ET0100A Installing Software Updates, Schedule the Upgrade

Installing Software Updates

Installing Software Updates

Software updates for EncrypTight are available separately from the PEP software. You might need to update all of the components in your system, or only specific components. This procedure assumes that you are updating all of the components of EncrypTight. If you are upgrading from software versions that are several years old, contact customer support for assistance with your upgrade path.

To upgrade EncrypTight to a new release, take the following steps:

●Step 1: Schedule the Upgrade

●Step 2: Prepare ETPM Status and Renew Keys

●Step 3: Upgrade the EncrypTight Software

●Step 4: Verify ETKMS Status and Deploy Policies

●Step 5: Upgrade PEP Software

●Step 6: Change the PEP Software Version and Check Status

●Step 7: Return Status Refresh and Key Renewal to Original Settings

Step 1: Schedule the Upgrade

Proper scheduling of your upgrade is imperative to minimize traffic disruptions. ETKMSs communicate with PEPs to deploy policies, and to renew keys and refresh policy lifetimes. The upgrade process for the ETKMSs and the EncrypTight software can interrupt this communication, and the upgrade for a PEP interrupts data traffic when the PEP reboots.

Review the following guidelines prior to scheduling an upgrade:

●Schedule the upgrade during a planned and approved maintenance window

●Do not deploy policies during the upgrade process

●Do not perform upgrades when keys are scheduled to be renewed.

To prevent key renewal during the upgrade process, check the Renew Keys/Refresh Lifetime setting on each policy defined in ETPM. There are two types of settings: daily at a specific time and periodically at an interval between 0 to 65535 hours.

●For policies that renew and refresh at a specific time of day, find a period when there is enough time to complete the upgrade before the scheduled key renewal.

●For policies that renew periodically, temporarily change these policies to provide enough time to complete the upgrade. Consider using zero lifetime policies, which don’t rekey, until the upgrade process is complete.

The upgrade process should take about 30 minutes for each external ETKMS, 15 minutes for the EncrypTight software, and 5-15 minutes for each PEP. You can upgrade multiple PEPs at the same time, which can shorten the total length of time it takes to perform the full upgrade process.

Once you start, the ETKMSs and the EncrypTight software must be upgraded in sequence. After these upgrades are complete, you need to deploy your policies in order to trigger the ETKMSs to generate a new policy database. You should take this step before you upgrade the PEPs. Because this will interrupt traffic on the PEPs briefly, you should consider the timing of this step as you plan your upgrade.

After these upgrades are complete, you can upgrade the PEPs.