“Welcome, Balabit customers to One Identity Support Portal click here for for frequently asked questions regarding servicing your supported assets.”

One Identity Safeguard for Privileged Sessions 5.7.0 - Upgrade Guide

Preface

Welcome to One Identity Safeguard for Privileged Sessions (Safeguard for Privileged Sessions) version 5 F7 and thank you for choosing our product. This document describes the upgrade process from existing Safeguard for Privileged Sessions installations to Safeguard for Privileged Sessions 5 F7. The main goal of this paper is to help system administrators in planning the migration to the new version of Safeguard for Privileged Sessions.

Caution:

Read the entire document thoroughly before starting the upgrade.

This document covers the One Identity Safeguard for Privileged Sessions 5 F7 product.


Was this topic helpful?

[Select Rating]



Versions and releases of Safeguard for Privileged Sessions

As of June 2011, the following release policy applies to One Identity Safeguard for Privileged Sessions:

  • Long Term Supported or LTS releases (for example, Safeguard for Privileged Sessions 4 LTS) are supported for 3 years after their original publication date and for 1 year after the next LTS release is published (whichever date is later). The second digit of the revisions of such releases is 0 (for example, Safeguard for Privileged Sessions 4.0.1). Maintenance releases to LTS releases contain only bugfixes and security updates.

  • Feature releases (for example, Safeguard for Privileged Sessions 4 F1) are supported for 6 months after their original publication date and for 2 months after a succeeding Feature or LTS release is published (whichever date is later). Feature releases contain enhancements and new features, presumably 1-3 new features per release. Only the last feature release is supported (for example, when a new feature release comes out, the last one becomes unsupported in 2 months).

For a full description of stable and feature releases, open the SPS product page on the Support Portal and navigate to Product Life Cycle & Policies > Product Support Policies > Software Product Support Lifecycle Policy.

Caution:

Downgrading from a feature release is not supported. If you upgrade from an LTS release (for example, 4.0) to a feature release (4.1), you have to keep upgrading with each new feature release until the next LTS version (in this case, 5.0) is published.


Was this topic helpful?

[Select Rating]



Prerequisites for upgrading Safeguard for Privileged Sessions

This section describes the requirements and steps to perform before starting the Safeguard for Privileged Sessions upgrade process.

  • You must have a valid software subscription to be able to download the new version of Safeguard for Privileged Sessions, and also the new license file.

  • You will need a support portal account to download the required ISO image. Note that the registration is not automatic, and might take up to two working days to be processed.

  • Back up your configuration and your data.

    For more information on creating configuration and data backups, see "Data and configuration backups" in the Administration Guide.

  • Export your configuration.

    For more information, see "Exporting the configuration of Safeguard for Privileged Sessions" in the Administration Guide.

  • Verify that Safeguard for Privileged Sessions is in good condition (no issues are displayed on the System Monitor).

  • Optional: If you have core dump files that are necessary for debugging, download them from Basic Settings > Troubleshooting > Core files. These files are removed during the upgrade process.

If you have a high availability cluster:

  • Verify that you have IPMI access to the slave node. You can find detailed information on using the IPMI interface in the following documents:

    For Safeguard for Privileged Sessions T4 and T10, see the X9 SMT IPMI User's Guide. For Safeguard for Privileged Sessions T1, see the SMT IPMI User's Guide.

  • On the Basic Settings > High Availability page, verify that the HA status is not degraded.

If you are upgrading Safeguard for Privileged Sessions in a virtual environment:

  • Create a snapshot of the virtual machine before starting the upgrade process.

  • Configure and enable console redirection (if the virtual environment allows it).

Notes and warnings about the upgrade

The following is a list of important notes and warnings about the upgrade process and changes in Safeguard for Privileged Sessions 5 F7.

Caution:

As part of the upgrade, Safeguard for Privileged Sessions upgrades its session database. Depending on the size of the session database, this process can take several days to finish. You can check the status of the upgrade process in the System Monitor.

During this upgrade, the session database used when searching on the REST API and the new Search interface is incomplete, and older sessions might not appear in the search results. The classic search is unaffected.

If there are any errors during the upgrade, contact our Support Team.

Caution:

Safeguard for Privileged Sessions 5 F4 and later versions use a new encryption algorithm to encrypt the recorded audit trails (AES128-GCM). This change has the following effects:

  • If you are using external indexers to index your audit trails, you must upgrade them to the latest version. Earlier versions will not be able to index encrypted audit trails recorded with Safeguard for Privileged Sessions 5 F4 and later.

  • To replay an encrypted audit trail recorded with Safeguard for Privileged Sessions 5 F4 or later, you can use the latest version of the Safeguard Desktop Player application, or the browser-based player of Safeguard for Privileged Sessions. You cannot replay such audit trails using earlier versions of Safeguard Desktop Player, nor any version of the Audit Player application.

Caution:

It is no longer possible to search for screen contents indexed by the old Audit Player on the new search UI and the REST interface. Searching in session metadata (such as IP addresses and usernames) and in extracted events (such as executed commands and window titles that appeared on the screen) remains possible.

As the old Audit Player was replaced and deprecated as an indexing tool during the 4.x versions, this should only affect very old sessions. Sessions that were processed by the new indexing service will work perfectly. If you wish to do screen content searches in historical sessions, contact our Support Team.

Upgrading from Safeguard for Privileged Sessions 5.0.0 or later:

Caution:

Physical Safeguard for Privileged Sessions appliances based on Pyramid hardware are not supported in 5 F1 and later feature releases. Do not upgrade to 5 F1 or later on a Pyramid-based hardware. The last supported release for this hardware is 5 LTS, which is a long-term supported release.

If you have purchased Safeguard for Privileged Sessions before August, 2014 and have not received a replacement hardware since then, you have Pyramid hardware, so do not upgrade to Safeguard for Privileged Sessions 5 F1 or later. If you have purchased Safeguard for Privileged Sessions after August 2014, you can upgrade to 5 F1.

If you do not know the type of your hardware or when it was purchased, complete the following steps:

  1. Login to Safeguard for Privileged Sessions.

  2. Navigate to Basic Settings > Troubleshooting > Create debug bundle for support ticket, click Create and save debug bundle from current system state, and save the file.

  3. Open a ticket at https://support.oneidentity.com/create-service-request/.

  4. Upload the file you downloaded from Safeguard for Privileged Sessions in Step 1.

  5. We will check the type of your hardware and notify you.


Was this topic helpful?

[Select Rating]



Upgrade path to Safeguard for Privileged Sessions 5 F7

Upgrading to Safeguard for Privileged Sessions 5 F7 is tested and supported using the following upgrade path:

  • The latest Safeguard for Privileged Sessions 5 LTS maintenance version (for example, 5.0.x) -> Safeguard for Privileged Sessions 5 F7

    Always upgrade to the latest available maintenance version of Safeguard for Privileged Sessions 5 LTS before upgrading to Safeguard for Privileged Sessions 5 F7.

  • The latest maintenance versions of the previous three feature releases (in this case, Safeguard for Privileged Sessions 5 F3 or later) -> Safeguard for Privileged Sessions 5 F7

    Always upgrade to the latest available maintenance version of the feature release before upgrading to Safeguard for Privileged Sessions 5 F7.

From older releases, upgrade to 5 LTS first. For details, see How to upgrade to One Identity Safeguard for Privileged Sessions 5 LTS.


Was this topic helpful?

[Select Rating]



Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents