Upgrade steps

Use the information in this section when you are performing the upgrades on the servers in your cluster. This section includes specific upgrade steps for the three supported upgrade models. These upgrade models are:

  • In place rolling upgrade. When using this upgrade model, you will remove one server at a time from the application delivery controller, upgrade it, and then replace it in the application delivery controller before upgrading the next server. This model requires both redundancy (i.e. all services the cluster provides are provided by at least two servers) and an application delivery controller (so the network traffic can be directed to the online servers while the offline server is being upgraded). This upgrade model results in no outage. This process takes significantly longer than offline upgrades. It also requires multiple configuration changes to the application delivery controller settings throughout the upgrade process. During the upgrade, you need to wait until there are no active connections on the ports that Venafi services before you can perform the upgrade on that Venafi server. For information on the steps for this upgrade model, see In place rolling upgrade.

  • Replace rolling upgrade. With this upgrade model, you will deploy new Windows servers. After Trust Protection Platform is installed and running on those servers, you will join them to the application delivery controller for the cluster. Finally, you will decomission the servers with the older version of Trust Protection Platform. This model requires you to deploy one new server for each existing server. For example, if you have six Venafi servers on your origin versionClosed (Upgrade origin version) When upgrading Venafi Trust Protection Platform from the currently-installed version to a newer version, the currently-installed version is referred to as the origin version. (that you are upgrading from), you would need to deploy six new Windows servers for the target versionClosed (upgrade target version) When upgrading Venafi Trust Protection Platform from the currently-installed version to a newer version, the newer version is referred to as the target version., each one matching exactly the configuration of the server it will replace (including Venafi components, processing engine assignments, and network discovery zones).

    This model can often result in a cleaner upgrade process, and allows you to upgrade your Windows operating system at the same time you are upgrading your Venafi version, but results in extra manual configuration or steps that need to be scripted. For more information on the steps for this upgrade model, see Replace rolling upgrades.

  • Offline upgrade. (Not a rolling upgrade) In this model, you take down the entire Venafi server cluster at the same time. You turn off all services on all servers simultaneously. This causes an outage of Venafi service, but allows the upgrade to happen much faster. This model is often suitable for environments that have lower uptime requirements. This model is the only upgrade model that was supported in 19.4 and earlier. For more information on the steps for this upgrade model, see Offline upgrade.

Use the menu on the right to browse to the individual upgrade topics.