Upgrading Verify Privilege Vault with Web Clustering

Introduction

Verify Privilege Vault has a built-in Web installer. The Web installer is a series of pages inside Verify Privilege Vault that allow you to download and run updates. Verify Privilege Vault is accessible to users for most of the upgrade process. You can bring down outside access to the site if you want to prevent users from making changes during the upgrade. Preventing user access makes restoring the database and site backups simpler if you decide to roll back the upgrade immediately afterward.

Before Beginning

• Ensure that you have account credentials information and access for the server hosting Verify Privilege Vaultand the SQL Server instance hosting your Verify Privilege Vault database.

• Have a recent backup of the application files and database available.

• If you use clustering, stop the application pools on all of the servers.

Upgrading a Clustered Environment

1. Follow the instructions in Upgrading Verify Privilege Vault or Upgrading Verify Privilege Vault Without Outbound Access as applicable to upgrade one server.

2. Once upgraded and working, copy the Web application folder (without the database.config or the encryption.config files) to all secondary servers, and replace the content of the existing Web application folder with the new version.

3. If the IBM Security Management Server is installed and clustered, you need to copy the IBM Security Management Server directory to the secondary servers as well. This directory is included by default for new installs of Verify Privilege Vault 10.2 and above. The IBM Security Management Server is used by advanced session recording and Verify Privilege Manager. If the IBM Security Management Server folder and site do not exist in IIS, then no additional actions are needed beyond copying the Verify Privilege Vault directory.

4. Start secondary servers and confirm they still work.

EFS and DPAPI Encryption

When upgrading, after the initial cluster configuration, you do not need to copy the database.config or encryption.config files to the other servers. If you need to copy those files because the database configuration changed and uses DPAPI, disable DPAPI encryption in Verify Privilege Vault by going to Admin > Configuration and clicking Decrypt Key to not use DPAPI, located on the Security tab, before copying those files to secondary servers.

Upgrading Database Mirroring

1. If there is more than one Web server running Verify Privilege Vault, ensure all instances are pointing to the same database.

2. Stop all but one of the web servers.

3. Perform the upgrade on that single instance.

4. Once upgraded and working, copy the Web application folder to all secondary servers.

5. Start the secondary servers, and confirm they work.

6. Ensure all instances are properly activated.

7. Ensure that the database changes have been replicated to the mirror database.

8. If the secondary Web server was pointing originally to the secondary database, adjust it to point back to the secondary database.

Upgrading Remote DR Instances

1. Perform the upgrade on one instance.

2. Backup that instance.

3. Copy the database backup to the remote DR instance.

4. Restore the database.

5. Once the instance is upgraded and working, copy the Web application folder (but not the database.config or the encryption.config files) to the remote DR instance (overwriting the existing files).

6. Restart IIS or recycle the application pool running Verify Privilege Vault on the remote DR instance.

7. Confirm that the remote DR instance is working correctly.

Error Conditions

Error(s) that may arise if the following condition(s) exist:

The version does not match: If a node is not properly updated from the source node after an upgrade, that node will not run because the application version does not match the database. The solution is to copy the application folder (minus the database.config or encryption.config files) and to replace the files on the secondary server.