.. _upgrading_storedsafe: ==================== Upgrading StoredSafe ==================== This procedure describes how to upgrade StoredSafe. StoredSafe images are periodically released to provide new features, improvements, and security patches. A StoredSafe upgrade involves downloading the latest image and applying it to your existing installation. Upgrading StoredSafe is a straightforward process, but it is important to follow the steps carefully to avoid data loss or system downtime. The instructions below assume that you have administrative access to the StoredSafe server and that you are familiar with basic system administration tasks. If you encounter any issues during the upgrade process, refer to the StoredSafe documentation or contact support for assistance. - For assurance level **A** (VM installed in organization's trusted environment), you should perform a snapshot of the VM before proceeding with the upgrade. This allows you to revert to the previous state in case of any unlikely issues during the upgrade process. - For assurance level **AA** (VM hosted in StoredSafe cloud), upgrades are performed by StoredSafe. **No action is required on your part.** - For assurance level **AAA** and **AAA+** (one or more physical appliances), ensure that you have a complete backup of your StoredSafe data before proceeding with the upgrade. Assurance level AAA+ - multiple appliances (active/passive nodes): ------------------------------------------------------------------- In short steps, the upgrade procedure is as follows, restore data from primary (node A) to secondary node (node B), upgrade the secondary node (node B), activate the secondary as the new primary, and upgrade the former primary (node A). :: Node A = Primary/Active node Node B = Secondary/Passive node #. **Download the upgrade package**: Obtain the upgrade package from the official StoredSafe website or your support portal. An upgrade package consists of a signed ISO image and a detached PGP signature. All official StoredSafe images are cryptographically signed to ensure their authenticity. #. **Transfer the upgrade package to all appliances**: Ensure that the upgrade package is available on all StoredSafe appliances that need to be upgraded. This is usually done by using SCP or a similar file transfer method to transfer the files to each appliance, or by using a USB-stick to physically transfer the files. For SCP, transfer the files to scp://storedsafe@:transfer/ #. **Inform users** about the planned upgrade and instruct them to treat node A as read-only during the upgrade process. #. **Backup node A** as described in :ref:`backup`. #. **Restore data on node B** as described in :ref:`restore`. #. **Verify the restore** on node B by logging in and checking that the data is accessible and correct. #. **Perform the firmware upgrade** on node B as described in :ref:`firmware management`. #. **Enable login** on node B using the :ref:`login settings` menu. #. **Verify the firmware upgrade** on node B by logging in and checking that the data is accessible and correct after the upgrade. #. **Switch roles** by promoting node B to be the **new primary/active node** and demoting node A to be the secondary/passive node. #. **Disable login** on node A using the :ref:`login settings` menu. #. **Perform the firmware upgrade** on node A, now acting as the secondary/passive node. #. **Verify the firmware upgrade** on node A by logging in and checking that the data is accessible and correct after the upgrade. #. **Inform users** that the upgrade process is complete and that they can **resume normal operations**. Assurance level AAA - single appliance: --------------------------------------- :: Node A = Single node #. **Download the upgrade package**: Obtain the upgrade package from the official StoredSafe website or your support portal. An upgrade package consists of a signed ISO image and a detached PGP signature. All official StoredSafe images are cryptographically signed to ensure their authenticity. #. **Transfer the upgrade package**: This is usually done by using SCP or a similar file transfer method to transfer the files to the appliance, or by using a USB-stick to physically transfer the files. For SCP, transfer the files to scp://storedsafe@:transfer/ #. **Inform users** about the planned upgrade and ask them to refrain from using the system during the upgrade process. #. **Disable login** using the :ref:`login settings` menu. #. **Backup node A** as described in :ref:`backup`. #. **Perform the firmware upgrade** as described in :ref:`firmware management`. #. **Enable login** using the :ref:`login settings` menu. #. **Verify the firmware upgrade** by logging in and checking that the data is accessible and correct after the upgrade. #. **Inform users** that the upgrade process is complete and that they can **resume normal operations**. Assurance level A - VM in trusted environment: ---------------------------------------------- :: Node A = Single node #. Perform a **snapshot of the VM** to allow reverting to the previous state in case of any issues during the upgrade process. #. **Download the upgrade package**: Obtain the upgrade package from the official StoredSafe website or your support portal. An upgrade package consists of a signed ISO image and a detached PGP signature. All official StoredSafe images are cryptographically signed to ensure their authenticity. #. **Transfer the upgrade package**: This is usually done by using SCP or a similar file transfer method to transfer the files to the appliance, or by using a USB-stick to physically transfer the files. For SCP, transfer the files to scp://storedsafe@:transfer/ #. **Inform users** about the planned upgrade and ask them to refrain from using the system during the upgrade process. #. **Disable login** using the :ref:`login settings` menu. #. **Backup node A** as described in :ref:`backup`. #. **Perform the firmware upgrade** as described in :ref:`firmware management`. #. **Enable login** using the :ref:`login settings` menu. #. **Verify the firmware upgrade** by logging in and checking that the data is accessible and correct after the upgrade. #. **Inform users** that the upgrade process is complete and that they can **resume normal operations**. #. If any issues were encountered during the upgrade, **revert to the VM snapshot** taken in step 1. #. After verifying that the system is functioning correctly, consider deleting the VM snapshot to free up resources.