Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 8.0 LTS - Release Notes

Upgrade and installation instructions

The One Identity Safeguard for Privileged Sessions appliance is built specifically for use only with the One Identity Safeguard for Privileged Sessions software that is already installed and ready for immediate use.

To upgrade to One Identity Safeguard for Privileged Sessions 8.0 LTS

For step-by-step instructions on upgrading to SPS 8.0 LTS, see Upgrade Guide.

NOTE: Due to legal reasons, installation packages of the external indexer application will be available only from the SPS web interface. After SPS versions 6.4 and 6.0.3 are released, the installation packages will be removed from our website.

Caution:

Starting from 6.10.0, SPS (SPS) has changed to hardened SSL settings. As a result, during TLS session establishment, the following items are not considered secure:

  • Private keys and X.509 certificates having RSA or DSA keys shorter than 2048 bits, or ECC keys shorter than 224 bits.

  • Certificates (other than Root CA certificates) with signatures that use the SHA-1 or the MD5 hashing algorithm.

With the hardened SSL settings, SPS will not connect to remote systems that are protected with weak certificates.

You cannot upgrade SPS if your configuration contains insecure certificates, keys or certificate chains in any of the following sections:

  • SPS web interface

  • internal CA certificate

  • connection policy TLS settings

  • client X.509 credentials for external LDAP, SMTP or Syslog connections

  • server X.509 certificates for external SMTP or Splunk servers

  • external indexer credentials (only writable over the REST API)

  • CA certificates in Trusted CA Lists and Trust Stores

Note that the certificates and keys that are used for signing, timestamping, encryption or decryption are not affected by this change.

About feature releases

This is a feature release.

For more information on the product support, see Product Support - One Identity Safeguard for Privileged Sessions.

For a full description of long-term-supported and feature releases, see Product Life Cycle & Policies - One Identity Safeguard for Privileged Sessions.

If you have a physical appliance based on MBX hardware

One Identity recommends you to upgrade to SPS 8.0 LTS, if you are not running SPS on Pyramid hardware and any of the following is true:

NOTE: If you do not know the type of your hardware, see If you have a physical appliance based on Pyramid hardware.

  • You wish to take advantage of any of the new features.

  • You are running a previous feature release.

  • You are OK with having to continuously upgrade to the latest feature release to remain supported.

    We are releasing new feature releases approximately once every 2 months.

If you have a physical appliance based on Pyramid hardware

Do NOT upgrade to SPS 8.0 LTS if you are running SPS on Pyramid hardware:

Downgrading from a feature release

Do NOT downgrade from a feature release.

Caution:

Downgrading from a feature release is not supported. If you upgrade from an LTS release (for example, 4.0) to a feature release (4.1), you have to keep upgrading with each new feature release until the next LTS version (in this case, 5.0) is published.

Verify successful installation

Navigate to Basic Settings > System > Version details and verify that SPS is running version 8.0 LTS of the firmware. If not, it means that the upgrade process did not complete properly and SPS performed a rollback to revert to the earlier firmware version. In this case, complete the following steps:

  1. Navigate to Basic Settings > Troubleshooting > Create support bundle and click Create support bundle.

  2. Save the resulting ZIP file.

  3. contact our Support Team and send them the file. They will analyze its contents to determine why the upgrade was not completed and assist you in solving the problem.

More resources

To obtain more information, read the technical documentation or consult the community:

Globalization

This section contains information about installing and operating this product in non-English configurations, such as those needed by customers outside of North America. This section does not replace the materials about supported platforms and configurations found elsewhere in the product documentation.

This release is Unicode-enabled and supports any character set. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Central and Eastern Europe, Far-East Asia, Japan. It supports bidirectional writing (Arabic and Hebrew). The release supports Complex Script (Central Asia – India, Thailand).

This release has the following known capabilities or limitations: OCR is limited to Nuance supported languages. No support for RTL languages.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating