Upgrading

If you're preparing to upgrade from a previous version of the Keyfactor Cloud Gateway, there are some additional steps to take to help ensure a smooth upgrade.

Preparing

The following are some preparation steps to consider for an upgrade:

  • The latest version of the gateway supports Windows Server 2016 and newer (see System Requirements). If your gateway is running on an older version of Windows, you will need to upgrade the OS as well or move to a different server.

  • The latest version of the gateway requires .NET Framework 4.7.2 or greater (see System Requirements). If your gateway is using an older .NET Framework version, you will need to upgrade this first.

  • The latest version of the gateway has a dependence on certain RSAT tools that were not required by older versions of the gateway (see Add Remote Server Administration Tools). If your gateway did not have a dependence on these, these will need to be installed if you intend to use the account synchronization feature.

  • The gateway can use a file to pass the configuration information into the configuration wizard. You may have been provided one of these already configured for your initial implementation, or you may have created one after typing in all the configuration information during the initial implementation. Create one with your latest configuration by going into the configuration wizard in your current gateway version and choosing File->Save Config File.... This file can be useful to refer to during the upgrade process (using a text editor), is a helpful backup should you need to fallback to your previous version, and can be imported into a new install of the latest gateway as long as you carefully review the configuration after import and confirm that everything is configured correctly and any new configuration added since the configuration file was generated is addressed.

    Figure 698: Save Configuration File Before Upgrade

    The configuration files generally have a .cmscfg extension. When creating the file, you have the option to encrypt and password protect the file. If the file has been password protected, sensitive information in the file, such as any service account passwords, will be encrypted, but the remainder of the file will be human readable. You will need to know the password used to protect the file in order to use the file in its complete state and import it into the configuration wizard.

  • In addition to making a backup of your configuration file, referenced above, backup the NLog configuration file for the gateway. The location of this file varies depending on where your gateway has been installed. The default location for this file in most gateway implementations is:

    C:\Program Files\Keyfactor\Keyfactor Managed CA Gateway

  • Check where the current gateway is installed. You will want to install the upgraded version into the same location. By default for most versions of the gateway, this is:

    C:\Program Files\Keyfactor\Keyfactor Managed CA Gateway

Upgrading

Most gateway upgrades are brief with a minimum of changes to the existing configuration. The new gateway software can be installed over the existing software installation without uninstalling the previous version.

Before you begin your upgrade, confirm with your Keyfactor Customer Success Manager that the cloud components for your gateway have successfully been prepared for your upgrade.

To upgrade your gateway:

  1. If you're doing a fresh install on a new server or are otherwise not installing over your older gateway, be sure that you have handy a saved copy of your gateway configuration file as referenced above.
  2. Install the gateway as per Installing, retaining the same installation location if you are installing over your existing gateway. The installer will default to the standard installation location—not the location of your existing gateway—so if your existing gateway is installed in a different location than this, you will need to browse to locate the correct installation path.

  3. In the gateway configuration wizard, look through the configuration tabs. If you are installing over your existing gateway, the existing configuration for your gateway will be retained when you upgrade. You will just need to step through the tabs, confirm everything is as it should be, and configure any features that have been added since your older version of the gateway was configured.

    If you are installing on a new server or a server without the older gateway software installed, import the configuration file you saved from your older gateway into the new gateway—in the configuration wizard choose File->Open Config File—and then carefully review the configuration and update as needed.

    Refer to Installing for assistance with each field.

  4. Once you've updated the configuration as needed, be sure to save a new copy of the configuration to a new file (not overwriting the file from your older gateway) for future reference.

Important:  The user running the upgrade needs to have Manage CA permissions in the gateway in order to run the gateway configuration wizard to complete the configuration. For more information, see Identify the Installation User.